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Description 

Technical Reld 

5 A microfiche appendix containing 1 45 frames on 2 cards is included in the specification and is hereafter 

referred to as Appendix I. 

Background of the Invention 

70 The present invention relates to an integrated circuit <IC) information card system using a card having 
an integrated circuit chip or chips including a programmable processor and a nonvolatile read/write memory 
for storing data and access codes needed to access the data. 

Various types of information cards have been developed which include storage media for storing 
information identifying the user of the card and other infonmation. One such card is the ordinary plastic 

15 credit card or identification card which has embossed lettering on the card to indicate the identity of the 
holder, an identification or account number and possibly other information. In addition, the ordineuy plastic 
credit or identification card has on its backside a magnetic stripe for magnetically storing data. The data 
stored on the magnetic strip typically verifies the embossed information on the front of the card and 
includes additional information. Such magnetic stripe plastic cards, while inexpensive to manufacture and 

20 issue, provide relatively littie security against unauthorized or fraudulent access to the information stored on 
the exposed magnetic stripe, since such information can be easily read or altered using commonly available 
equipment Furthenmore. the recorded data on the magnetic stripe may be distorted or destroyed by dirt, 
scratches or contact of the magnetic stripe with magnetic materials . Moreover, the capacity of such a 
magnetic stripe plastic card is limited to about 0.5K bits to 1.7K bits, or about 70 to 200 alphanumeric 

25 characters. 

Another type of card, known as the laser card, is similar to the magnetic- stripe plastic card but replaces 
the rhagnetic stripe with a stripe of reflective material- Information is stored in the leiser card by burning 
microscopic holes in the surface of the reflective stripe with a focused, low-pwwer laser. Although the laser 
card is capable of very high data storage capacities of up to 1 million bits, it also does not provide adequate 

30 protection against unauthorized access to the data stored in the exposed reflective stripe, which can be 
easily read or written using the proper equipment. 

Yet another type of information card incorporates integrated circuit memory of either the read only and 
the write/read variety. Such a memory card typically has multiple electrical contacts located at one or more 
edges of the card or on a face of the card to permit electrical access to the address, data and any control 

35 terminals of the memory in the card. However, such memory cards generally provide relatively little or no 
protection against unauthorized access to the data stored in the card, since the contents of the card 
memory can. in most cases, be easily read out or added to .with the proper equipment. Further, some 
memory cards use volatile memory requiring a costly, built-in, power source in the card to prevent loss of 
the data stored in the card memory. The foregoing deficiencies of memory cards have essentially limited 

40 their use. 

Still another type of information card, known as the wired-logic card, incorporates an integrated hard- 
wired logic circuit together with nonvolatile integrated circuit memory to provide improved security for the 
data stored in the memory. In such a card, access to the memory may t>e entirely under the control of the 
hard-wired logic circuit, which may require the entry of a secret code or key before access to the memory 

45 is permitted. Owing to the limited processing capat>ility of the hard-wired logic circuit, the wired-logic cards 
have been limited to relatively simple applications, such as for telephone payments and records. 

The latest generation of information cards, which are commonly referred to as ''intelligent" or "smart" 
cards, includes a programmable integrated circuit processor together with nonvolatile integrated circuit 
memory within the card. Since the programmable processor provides greatly expanded processing 

50 capabilities, the card may incorporate a sophisticated security system to prevent unauthorized or fraudulent 
access to some or all of the data stored in the card memory. 

One such security system is disclosed and claimed in U.S. Patent No. 4,211,919 to Michael Ugon, 
which issued on July 8, 1980. In that security system, the card memory is segmented into three particular 
zones, namely: a secret zone in which reading and writing operations are permitted only by the internal 

55 processor of the card; a working zone in which reading and writing operations are permitted directly by an 
external card reader/writer device; and a read zone in which only reading operations are permitted directly 
by the card reader/writer device. The secret zone of the card memory includes at least one key or code 
which is compared to a key received from a card reader/writer device to determine whether a particular 
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access operation to the working zone is authorized. 

The above-described card security system has the problem in that data segments of the working zone 
may be defined only in the application program of the host computer of the card system, therefore adding 
to the complexity of such an application program. Furthermore, all data in the working zone have only a 
single security level for reading and writing operations, respectively, i.e.. with the entry of the proper key or 
combination of keys the entire wori<ing zone may be read or written. 

In many applications for information cards, it is desirable to have the flexibility of being able to define 
the data zones of the card memory within the card itself and of being able to assign different security levels 
for reading or writing operations in the various data zones to suit the particular application. F=or ^cample, in 
a health care application where the card is used to store data concerning a health care recipient. iTwouW be 
appropriate to restrict access to certain categories of data only to particular classifications of health care 
personnel (e.g., doctors, phannacists. etc.) and to similarly restrict the authority to add or alter the data in 
the card memory. Therefore, it is desirable to store the various categories of data concerning the health 
care recipient in different zones of the card memory as defined within the card and to assign an appropnate 
access security level, based on one or more access keys, for reading and writing operations to each data 



zone. 
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e. 

Accordingly, a need clearty exists for an IC card structure and method in which the card memory may 
be segmented into a desired number of data zones after this card is manufactured and in which each data 
zone of the card memory may be assigned a respective security level, based on one or more access keys, 
for reading or writing operations in that zone. A system using an IC card and method may advantageously 
include provisions for preventing the dissemination of knowledge of the access keys or combinations of 
such keys which define the security levels for the data zones of the card memory and for initializing the 
cards (i e . defining the data zones of the card memory, assigning respective security levels to each data 
zone and loading the proper data into the various data zones card of the care memory) for each application 
on a mass production t^asis. - *u ^ 

From EP-A-0 152 024 an IC information card is known which comprises input/output means in the card 
for receiving at least data, commands and keycodes; nonvolatile memory means having a multiplicity of 
addressable bit storage locations: means within the card responsive to zone definition data and a keycode 
stored in the card to allow access to predetermined zones if an entered received keycode matches the 
keycode stored in the card. A zone access controller stores a password and an access condition for each 
zone in the memory. 

A similar IC card is known from US patent specification 4.211,919. This IC card has memory means in 
the card having different zones with different access conditions- At least one zone of the memory includes 
at least one key or code which is compared to a key received from a device external to the data earner to 
detemiine wheher a particular operation is authorized- . - * 

From US patent specification 4.211.919 there is further known an initialisation system for IC information 
cards known from EP-A-0 152 024. 

Summary of the Invention 

In accordance with the present invention, an IC infomnation card, systems for using and initializing sucfi 
cards and methods for s eomentinq the card memory and for preventing the dissemination ,ofJknowte^ of 
access codes are provided which overcome or at least mitigate the limitations and problems of the prior art 

as described above. , ^ ^ - 

The IC information card in accordance with the present invention compnses input/output means in the 
card for receiving at least data, commands and keycodes and for providing at least data. In addition, the 
card includes nonvolatile read/write memory means within the card, the memory means having a multiplicity 
of addressable bit storage locations. Furthermore, the card includes first means within the card responsive 
to a first command, zone^6smiQSU3im^f^<^ an entered keycode received by the inpuVoutput means for 
comparing the entered keycode with a first keycode stored in the card and for writing the zone definition 
data in a first region of the memory means ^^.y ^ .^.^iv^n k^ynode matches the first keycode. the 
zone definition data comprising one or more zone definition words each con-esponding to a respective data 
zone in a second region of the memory means, each zone definition word specifying at least the starting 
address of the corresponding data zone and the size of the conresponding data zone. 

SecuritvJevets may be specified for each of the datazonesby providing the card with second means 
respo'JJ^to a second command, keycode data comprising one or more additional keycodes and an 
entered keycode received by the input/output means for comparing the entered keycode with the first 
keycode and for writing the additional keycodes in a third region of the memory means only if the entered 
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keycode matches the first key code, and having each zone definition word further specify either no keycode 
or one or more of the first keycode and the additional keycode or keycodes as being required to be 
received by the input/output means in order to read data from the corresponding zone and either no 
keycode or one or more of the first keycode and the additional keycode or keycodes as being required to 

5 be received by the input/output means in order to write data in the corresponding data zone. 

In the preferred embodiment of the IC information card there is provided a third means within the card 
responsive to a read command, a code specifying a particular one of the data zones from which data js to 
be read and any entered keycode or keycodes received by the input/output means for comparing any 
entered keycode or keycodes with any keycode or keycodes specified as being required to read data in the 

10 particular data zone for providing data from the particular zone to the input/output means if IRfe entered 
keycode or keycodes match the keycode or keycodes specified as being required to read data from the 
particular data zone or if no keycode is specified as being required to read data from the particular data 
zone. Also provided in the preferred emljodiment is a fourth means within the card responsive to a write 
command, a code specifying a selected one of the data zones in which data is to he written, data is to be 

75 written in the selected zone and any entered keycode or keycodes received by the input/output means for 
comparing any entered keycode or keycodes wth any keycode or keycodes specified as being required to 
write data in the selected data zone and for writing the received data in the selected data zone if the 
entered keycode or keycodes match the keycode or keycodes specified as being required to write data in 
the selected data zone or if no keycode is specified as being required to write data in the selected data 

20 zone. 

^ Moreover, in the preferred emtxxJiment of the IC information card data is stored in each data zone as 
successively located data records and each zon gLdefinition word further specifies the.rnaximum-aumbetLof 
data records that cap, hft Btnred in the c orresponding zone , the leng th of the data in each data record in the 
corresponding zone and a zorie aljocatipnjarea^ tor storing data indicative of the 

"55" location of the next d ata record tcT be stored in the coaa spendine^^goQe. Each data record stored in a data 
zone includes a cjagrksum hyte and a record status byte indicative of the validity of the data record. In 

I addition, each zone definition word further specifies whether the data provided to the input/output means by 
the third means in response to a read command and a code specifying data to be read from the 
corresponding zone is only the last data record to be written in the corresponding zone or all data records 
that are stored in the corresponding zone in the order in which such data records are written in the 
corresponding zone. 

An additional feature of the preferred embodiment of the IC information card in accordance with the 
present invention is the "locking" of the card after a specified number of successive unsuccessful attempts 
to access the card. This feature is implemented in the following manner. The memory means further 

35 contains a plurality of successively ordered lock status words, including a first and a last kx:k status word, 
each lock status word having a predetermined number of successively ordered bit positions, including a first 
and a last bit position, each bit position of each lock status word being initially in a second binary state. 
Additionally, the card further comprises fifth means within the card responsive to a failure of an entered 
keycode to match a keycode stored in the card, as a result of a keycode comparison made by the first, 

4Q second, third or fourth means, for writing a first binary state in the lowest order bit position that is in the 
second binary state of the lowest order lock status word in which the highest order bit position is in the 
second binary state. The fifth means is responsive to a match of an entered keycode with a keycode stored 
in the card occurring directly after a failure of an entered keycode to match a keycode stored in the card, 
as a result of a comparison made by the first, second, third or fourth means, for writing a first binary state in 

4s the highest order bit position of the lock status word in which a first binary state was written by the fifth 
means in response to the directly preceding failure of an entered keycode to match a keycode stored in the 
card. The card further comprises sixth means within the card responsive to a lock status word having bW but 
its highest order bit position in the first binary state for placing the card in a locked state in which at least 
reading and writing access to the first and second regions of the memory are prevented. Lastly, the card 

50 includes seventh means within the card responsive to an unlock command and one or more entered 
keycodes for comparing the entered keycode or keycodes with preselected keycode or keycodes stored in 
the card and for writing a first binary state in the highest order bit position of the lock status word having all 
but the highest order bit position in the first binary state to release the card from the locked state, if the 
entered keycode or keycodes match the preselected keycode or keycodes. 

55 In the preferred embodiment of the IC information card in accordance with the invention, ttie first, 
second, third, fourth, fifth, sixth and seventh means are included in an appropriately programmed 
microprocessor operatively coupled to the input/output means, and the memory means includes a 
programmable read-only memory operatively coupled to the microprocessor. 
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The above-described IC information card in accordance with the invention is advantageously used in 
conjunction with two-card reader/writer means having a first and a second port for receiving a first and a 
second card, respectively, and for coupling to the input/output means thereof, coupling means for receiving 
at least commands, data and keycodes and for providing at least data, and reader/writer memory means. 
5 The reader/writer means further includes first means responsive to the coupling means receiving a 
command to read the second card, a code specifying a particular zone in the second card from which data 
is to be read and any keycode or keycodes to be entered in the first card, for providing to the input/output 
means of the first card one or more read commands together with a code or codes specifying the data zone 
or zones of the memory means of the first card where the keycode or keycodes required to read^data in the 

10 particular zone of the secor^d card are stored and any keycode or keycodes received by the coupling 
means. The first means then transfers such required keycode or keycodes to the reader/wrrter memory 
means if the keycode or keycodes received by the coupling means match the respective keycode or 
keycodes that are required to read the one or more data zones of the memory means of the first card or if 
no keycodes are required to read such data zones. Thereafter, the first means provides to the input/output 

75 means of the second card the read command, a code specifying the particular data zone and the keycode 
or keycodes for reading data in the particular zone transferred from the memory means of the first card to 
the reader/writer memory means and transfers any data provided by the input/output means of the second 
card to the reader/writer memory means. 

The two-card reader/writer means also includes second means responsive to the coupling means 

20 receiving a command to write to the second card, a code specifying a selected zone in the second card in 
which data is to be written, data to t>e written in the selected zone and any keycode or keycodes to be 
entered in the card for providing to the input/output means of the first card one or more read commands 
together with a code or codes specifying the data zone or zones of the memory means of the first card 
where the keycode or keycodes required to write data in the selected zone of the second card are stored 

25 and any keycode or keycodes received by the coupling means. The second means then transfers such 
required keycode or keycodes to the reader/writer memory means if the keycode or keycodes received by 
the coupling means match the respective keycode or keycodes that are required to read the one or more 
data zones of the memory means of the first card or if no keycodes are required to read such data zones. 
Thereafter, the second means provides to the input/output means of the second card the write command, a 

30 code specifying the selected zone, the data to be written in the selected zone and the keycode or keycodes 
required for writing data in the selected zone transferred from the memory means of the first card to the 
reader/writer memory. 

Thus in accordance with the present invention, by using the IC information card with two-card 
reader/writer means in the foregoing manner, dissemination of knowledge of the keycodes required to 

35 access the data zones of a card is avoided. In the preferred embodiment, the first card includes a data zone 
storing an identification code unique to that card. The identification code of the first card is read by the 
reader/writer means and stored in the reader/writer memory following initial insertion of the first card into the 
reader/writer means. The identification code in the first card is read again and compared with the 
identification code stored in the reader/writer memory means prior to each read or write access of the 

40 second card. If the identification code which is read prior to an access of the second card fails to match the 
identification code stored in the reader/writer memory means, access of the second card is prevented. 

Further in accordance with the invention, the above-described IC information cards are initialized by a 
initialization system that includes input means for receiving one of the cards at a time to be initialized and 
for coupling to the input/output means of the card received thereby and initializer memory means for storing 

45 the first keycode, appropriate zone definition data and additional keycode or keycodes. In addition, the 
initialization system includes first initializer means for writing the zone definition data stored in the initializer 
memory means to the first region of the memory means of the card received by the input means using the 
first command, and the first keycode stored in the initializer memory means. Furthermore, the initialization 
system includes second initializer means for writing the additional keycode or keycodes stored in the 

50 initializer memory to the third region of the memory means of the card received by the input means using 
the second command, smd the first keycode stored in the initializer memory means. 

The initialization system in accordance with the preferred embodiment of the invention is also used to 
load the data zones of the IC information card with appropriate data to suit a particular application. This is 
accomplished by providing the card with second memory means, such as a magnetic stripe, for storing a 

55 file identification code and the initialization system with means for reading the second memory, such as a 
magnetic stripe reader, for obtaining the file identification code of a card received by the input means of the 
system. Additionally, the initialization system includes mass storage means for storing a multiplicity of data 
files each associated with a respective file identification number, each data file having a plurality of data 
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segments corresponding to respective data zones of a card as defined by the zone definition data written 
into the card by the first initializer means. There is further included third initializer means responsive to the 
file identification code obtained by the means for reading the second memory means for searching the data 
files in the mass storage means for the data file associated with that file identification code. The initialization 
5 system further includes fourth initializer means for writing the segments of the associated data file into 
corresponding data zones of memory means of the card received by the input means using the write 
command and appropriate keycode or keycodes. if any, required for writing data in each corresponding 
data zone. 

There is further provided according to the present invention a method for segmenting the data storage 
10 region of the IC card memory into a plurality of segments, each having assignable attributes including an 
assignable security level and a method for preventing the dissemination of knowledge of the access codes 
for an IC information card by storing such codes in a control card and using two card read/writer means. 

Numerous other advantages and objects will appear to those skilled in the art with reference to the 
following detailed description of the invention, the appended claims and the accompanying drawings. 

75 

Brief Description of the Drawings 

Rgure 1 is a block diagram of the I C information card system in accordance with the invention; 
Rgure 2A is a plan view of the IC information card in accordance with the invention; 
20 Rgure 2B is an elevated cross-sectional view of the IC card of Rgure 2A taken along line 28-28; 

Rgure 3 is an electrical schematic diagram of the CPU and EPROM of the IC information card in 
accordance with the invention; 

Rgure 4 illustrates the memory map of he memory in the IC information card in accordance with the 
invention; 

25 Rgure 5 illustrates the record status byte of a data record; 

Rgure 6 illustrates the security level definition portion of a zone definition word in the memory of the IC 
information card in accordance with the invention; 

Rgure 7 shows a memory map depicting the test address, system and user areas, as well as the 
relationship between physical arid logical addresses of the IC information card memory in accordance 
30 with the invention; 

Rgure 8 shows a memory map depicting the security management area, the zone definition area and the 
data area of the IC information card memory in accordance with the invention; 

Rgure 8A shows a memory map depicting the organization of a single data zone of the IC information 
card memory in accordance with the invention; 
35 Rgure 9 is a flow chart showing the IC information card operation generally upon receiving a command 
from the reader/writer; 

Rgure 10 is an block diagram of the IC information card reader/writer in accordance witii the invention; 
Rgure 11 is an schematic diagram of the interface circuit for the card transport unrt for the IC information 
card reader/writer of Rgure 1 0; 
40 Rgure 12 and Rgure 13 together show the schematic diagram of the IC information card reader/writer of 
Rgure 10; 

Rgure 14 shows the memory map of the ROM and RAM of the IC information card reader/writer of 
Rgure 10; 

Rgure 1 5 shows in block diagram form the configuration of software for the IC information card system 
45 in accordance with the invention; 

Rgure 16 shows a block diagram of the IC information card initializer system in accordance with the 
invention; 

Rgure 17 shows a memory map depicting the general organization of a master card for the IC 
information card initializer in accordance with the invention; 
50 Rgures 18 through 22 show flow diagrams representing the initializer program flow in accordance with 
the invention; 

Rgures 23 through 39 show the command protocols of the BIOS program of IC information card 
reader/writer in accordance with the invention; 

Rgures 40A and 408 show flow diagrams representing the IC infomiation card reader/writer application 
55 program process flow in accordance with the invention; 

Rgures 41 through 91 B show the flow charts of the program of the microprocessor of the IC infonmation 
card in accordance with the invention; and 
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Rgures 92 through 107B show the communication protocols for the commands of the program of the IC 
information card inrtializer in accordance with the invention . 

Detailed Description of the Preferred Embodiments 

5 

As shown in Figure 1. the IC card system 100 according to the invention comprises an IC card 10, 
connected via its contacts 24 to corresponding contacts in a reader/writer (FVW) 14. The system also 
comprises a host computer 16 connected to the reader/writer 14 by an electrical link 18, which may 
comprise an RS-232G communications link. The host computer 16 may be an IBM Model XX,.As will be 
10 described below, the reader/writer 14 has two receptacles or ports for receiving up to two IC cards 10 
simultaneously. The individual components of the system will now be described in more detail. 

IC CARD 

75 The IC card 10, as shown in Figs. 2A and 28 is preferably the same general size as a conventional 
magnetic stripe credit card having a size 54 by 86 by 0.76 mm. The IC card has a magnetic stripe 19 and 
contains a CPU 20 and nonvolatile memory in the form of a PROM or EPROM 22. Alternatively, a storage 
device such as an EEPROM, i.e. an electrically erasable programmable read only memory, can be used as 
the storage device. The IC module comprising the CPU 20 and EPROM 22 Is enclosed in the card 10 using 

20 a between-layers lamination method known to those skilled in the art. 

The IC module is electrically connectable to the reader/writer 14 by means of eight terminals C1 
through C8 as shown in Figure 2A. The card size as well as the electrical terminals Cl through C8 are 
designed to comply with ISO (International Organization for Standardization) standards for IC cards. These 
standards provide essentially for eight terminals CI through C8 located and positioned in the arrangement 

25 shown in Figure 2A with the dimensions of each tenminal t>eing 2.0 by 3.9 mm and edge to edge vertical 
and horizontal spacirtgs of 0.54 mm and 7.62 mm. respectively. The terminals CI through C8 are adapted 
to engage corresponding contacts (not shown) in the reader/writer 14. 

Figure 3 shows in more detail the electrical connections between the terminals CI through C8. the CPU 
20 and the EPROM 22. The CPU may be a model 8049 8-bit microprocessor. The EPROM may be a model 

30 2764 C with a storage capacity of 64K bits, (i.e. 8K bytes). Electrical connections between the CPU 20 and 
EPROM 22 include a control bus 26 comprising two lines, an address bus 28 comprising 13 lines, and a 
data bus 30 comprising 8 lines. Although the particular embodiment shows CPU 20 and EPROM 22 as 
separate IC chips, it is to be understood that equivalents of those two components may be fabricated on a 
single IC chip. 

35 With respect to the CI through C8 and with reference to Figure 3, terminal Cl is designated VCC and 
provides the power ( + 5 volts) to the CPU and memory. Terminal C2 designated RST is the reset terminal 
of the CPU. Terminal C3 designated CLK is the clock terminal of the CPU. Terminal C5 designated GND is 
the ground. Terminal C6 designated VPP is the read/write power terminal of the EPROM (although in some 
embodiments the single 5 volt power source Cl may accomplish this purpose). Terminal C7 designated I/O 

40 is the data input/output terminal for communicating data to and from the reader/writer. Terminals C4 and C8 
are not presently used in the exemplary card. 

IC CARD MEMORY 

45 A unique feature of the present invention is in providing a user (data) memory area i n the EPROM 22 of 
the card which can be selectively divi ded into a niim hRr..nr-^naflsI,each of which may be selectively 
accessed (for reading, writing or both) if a kev or oa <^<iwnr(i code enteredJnto the car,d-bv^tsaAser.pewnits 
such access for that particular zone. 

The memory of the IC card will be described with reference to Rgure 4 which shows tbe-data-a*:ea-ef 

50 an IC card memor y bo i ng d tvTde4-m to a p l u i:nlity of * ^ 'ono>inrwhich can be fr o m 1 to yss i n ni i mh/^ Each 
zone is further divided into a^one area anH a numt>er of records from 1 to 255, Each record is 

further divided inte-threersegnrrents. the first being the segment where the date-8Te"tftOTedHhe second being 
a- chock byto - a nd the third being ajceGO«i-«xatus-byta. The length of the records can be selectively defined 
by the user to be up to 253 bytes, so that the total size of the data record will be up to 255 bytes, with the 

55 chock byto ( 00) JiiU > L i LU Fir st ait r s ^ ^te'tSSH<=*efa^ 

The check byte (CB) is used to detect distorted data in a data record. When a data record is written, 
the IC card calculates a value using this data by. for example, a check summation using the complement of 
2 method, and writes this value into the check byte space. When a record is read, the IC card checks the 
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integrity of the data by performing the same calculation and by comparing the calculated value to tfie value 
stored as the check byte. The record status byte (SB) is used for defining record attributes such as data 
validity and is read or written using the record status byte write-read commands of the IC card program. 

5 ZONE DEFINITION 

The attributes of each zone are defined by writing a zone definition table into the EPROM of the IC 
card. The following zone attributes may be defined for each zone: 
1 ) record length (number of bytes) ^ 
10 2) number of records 

3) security level 

4) UPDATEmiSTORY. 

(a) Record Length 

75 

The length of data per record is expressed as the number of bytes in the record. The shortest record 
permitted is one byte, and the longest record permitted is 253 bytes. 

(b) Number Of Records 

20 

The number of records in each zone may range from 1 up to 255. 

(c) Security Level . 

25 This attribute relates to the access level at the time of writing or reading a record. The IC card normally 
requires one or two keycodes corresponding to tfie security level defined for a zone to be entered into the 
card before reading or writing of data in the zone is permitted. If a keycode stored in the IC card for a 
particular zone does not match the code entered from an external source (e.g., an IC card reader/writer), 
data cannot be read or written in that zone. The security control functions of the IC card in accordance wKh 

30 the present invention will be explained in further detail hereint>elow. 

(d) UPDATE/HISTORY 

This attribute relates to the mode of reading data from a zone. When a zone is defined as **UPDATE", 
35 only the most recently written record in the zone is obtained when the zone is read. If a zone is defined as 
"HISTORY**, all records in the zone are obtained in the sequence in which they were written v/hen the zone 
is read. Whether to define a particular zone as an UPDATE zone or a HISTORY zone depends on the user 
application. 

40 DATA READAA/RITE 

(a) Data Write 

Data is written sequentially in a zone in units of records. For example, if in Zone No. N data has been 
45 written up to Record No. 1, additional data is written in Record No. 2. 

(b) Data read 

Data records are read out of only one zone at a time. The method of reading data records depends on 
50 whether the zone is defined as UPDATE or HISTORY. If the zone is defined as UPDATE, only the last 
written record in the zone is read. In the above example. Record No. 2, which was the last to be written, is 
read if zone No. N is defined as UPDATE. If the zone is defined as HISTORY, all records in the zone are 
read in the sequence the records were written. In the at>ove example, data is read from zone No. N in the 
sequence of Record No. 0. Record No. 1 and Record No, 2 if that zone is defined as HISTORY. 

55 
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(c) Record Status Byte 

The configuration of record status byte is shown in Rg. 5. Each of the bits MO through M7 of the record 
status byte can be given a special meaning in the data record. The meaning of each bit must be defined in 
5 advance by the system application that uses the IC card. The M7 bit is normally used to indicate "record 
deletion" or "unnecessary record". The record status byte can be written or read by issuing an appropriate 
command to the IC card. 

KEY CODES (PASSWORD CODES) ^ 

10 

This IC card needs a password code when writing or reading data in the card memory, in order to avoid 
unauthorized use of the card. The password code is not needed^ in aiDpIications that do not require security 
as will be described hereinbelow. 

There are the following four types of keys or password codes : 

75 

1) Manufacturer's key (M-key) 8 bytes 

2) Personalization key (P-key) 8 bytes 
^ 3) Organization key (O-key) 8 bytes 
^ . 4) PIN 4 bytes 



(a) Manufacturer's Key (M-Key) 

25 The M-key is defined in the mask program of the microprocessor of the IC card. Therefore, it cannot be 
read externally by any means. The M-key is a password code consisting of 8 bytes and is specified by the 
manufacturer prior to th© manufacture of the IC. The M-key must be controlled by the manufacturer and the 
system user and should not be made krwwn to the IC card user. The M-key is used only for internal 
diagnostic activities within the card. (The system user mentioned here means the party who issues the 

30 initialized cards to user organizations.) 

(b) Personalization Key (P-Key) 

The P-key is defined in the mask program of the microprocessor of the IC card. Therefore, it cannot be 
35 read externally by any means. The P-key is a password code consisting of 8 bytes and can be specified by 
the system user upon request prior to the nianyfac.ture_ofJhe IC card. The P-key must ^bejcontrolled b y the 
system user and should not be made known to the IC card user. The P-key is used on the following 
occasions: ^ 
(1 ) to write an organization key; — r> 
40 (2) to write a PIN key; — ^ 

(3) to write zone definition tables; and 

(4) when the system user uses a specific zone for himself. 

(c) Organization Key (O-Key) 

45 

The O-key is a eight-byte password code that the system user can define after the card is manufac- 
tured. When combined with a PIN code, the O-key can provide an additional level of security for the card. 
Although the O-key can bo used in a variety of ways depending on the application, it is normally used as a 
hig her level _ke^ than the PIN ke y. The O-key is stored in the EPRQM of the IC card. The O-key may also 
50 be used to write th e PIN kev in the EPROM . 

(d) PIN Key 

The PIN (Personal Identification Number) key is a four-byte password code that the system user can 
55 define after the card is manufactured. As in the case of the O-key, this key can also be used in a variety of 
ways by the application, but the common use of the PIN key is as a private password code of the IC card 
user. The PIN key is also stored in the EPROM of the IC card. 
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SECURITY CONTROL FUNCTION 
(a) Security Level 

5 The security level of each zone is defined in the zone definition table. The term "security level" as used 
herein means the key or combination of keys among those defined (P-key, O-key and PIN) that are required 
to perform a read or a write operation in a particular zone. Reading and writing operations for a given zone 
may have different security levels. A 6-bit portion of a zone definition word used to define the security 
levels for reading and writing in a particular zone and the codes defining the various securit^leveis in 

70 accordance with the invention are illustrated in Figure 6. 

The different levels of security that are available in the IC card according to the present invention and 
the key or keys necessary for each security level are summarized in Table A. 



TABLE A 

75 



Security 


Necessary Key<s) 


Level 




0 


Access disabled 


1 


PIN 


2 


O-key 


3 


PIN or O-key 


4 


PIN and O-key 


5 


P-key 


6 


Undefined 


7 


No key required 



(b) Card Lock 

As explained above, the IC card requires a password code or codes as defined by the zone definition 
table in order to read or write in a zone. If an entered key does not match a required key three times in 
succession, the card is "locked" or disabled from further use. The "lock" function applies to all IC card 
operations (e.g.. writing of a Pin or O-key, reading or writing of a zone definition table, reading or writing of 
a record status byte, etc.) where a key is needed and is not limited only to the reading or writing of a data 
record. 



(c) Card Unlock 

Once locked, the card cannot be used. However, it can be made usable by issuing an "UNLOCK" 
command to the card. Before unlocking a card, it must be carefully determined whether the cause for 
locking the card was a simple error in memorizing a required key on the part of the card user or an attempt 
at an unauthorized access of the card. The O-key (or P-key) and the PIN key are both needed to unlock a 
card. The unlock function can only be performed up to 486 times on a single card. 

MEMORY MAP 



Figure 7 shows the memory map of an IC card according to the present invention. The card has an 
EPROM. The 64k-bit memory consists of the following three areas: 

1 ) test address; ^ 

2) system area; and ^ 

3) user area.*^ 



(a) Test Address 

This is a physical address. Addresses 0. 1. 2. 4, 8, 16, 32. 64. 128. 256. 512. 1024. 2048 and 4086 are 
used for testing at the time of manufacturing or during use of the IC card. During such testing the data of 
OOH, 11H. 22H. 33H, 44H. 55H, 66H, 77H. 88H. 99H. AAH. BBH, CCH and DDH are written sequentially into 
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the test addresses. If the test data cannot be read or written correctly to each test address, a hardware 
failure is indicated. 

(b) System Area 

5 

This area is used by the nnanufacturer of the card and is not in general available to either the system or 
card user. This area is used to check the card function, to control the card and to extend the application. 
The size of this area is 119 bytes. 

10 (c) User Area 

This area stores user data arKi has a size of 8058 bytes. This area is specially defined as "logical 
address". 

75 Logical address = 0 - 8057 (1F79H) (1) 

Unless otherwise specified, the term "address" as used herein means a "logical address". 
IC CARD FORMATTING OR INITIALIZATION 

20 

Prior to reading or writing a data record in the IC card memory, the memory must be fonmatted 
(initialized) to correspond to a particular application for the IC card system. The formatting of the IC card 
memory consists of the following two operations: 
1 ) writing of key codes; and , 
25 2) writing of a zone definition table. 

(a) Key Code Write 

The PIN key (4 bytes) and the O-key (8 bytes) must be written into the IC card memory. If the 
30 respective security levels of all zones are defined as "No Key Required", there is no need to write the PIN 
and O-key into the card. Once written in, the PIN key and the O-key cannot be changed. 

(b) Write Zone Definition Tables 

35 As described above, the zone definition attributes are as follows: 

1) record length; 

2) number of records; 

3) security level (for writing and reading); and 

4) UPDATE/HISTORY data record read mode. 

40 In addition to the above, the following additional zone definition attributes must also be defined: 

5) zone starting address; and 

6) number of allocation bytes 

A zone definition word for each zone written into the IC card memory is 6-bytes in length containing codes 
representing the above six attributes. 

45 Rgure 8 shows the memory map of an IC card at the time of zone definitron. The security management 
area 705 of the IC card memory is used to store information for detecting unauthorized use of the card. The 
area 705 also includes three status bits which respectively indicate whether the PIN key and the O-key have 
been written and whether the zone definition area 706 has been closed. The PIN and O-keys themselves 
are stored in memory area 705. 

50 The remainder of the security management area 705 (243 bytes) is divided into 486 4-bit nibbles. 
These nibbles are used one at a time for recording unsuccessful attempts to access the IC card memory. 
Each time an entered key does not match a required key, the next successive nonzero bit of the current 
nibble being used to record unsuccessful access attempts is set to zero. When the three lowest order t>its 
of the current nibble are all set to zero, the card is "locked". The card may be "unlocked" by setting the 

55 highest order bit of the current nibble to zero. An access in which the entered key matches the required key 
resets the count. If the cun'ent nibble has recorded any unsuccessful access attempts, all bits of the current 
nibble are set to zero. The unlocking or resetting of the card causes further unsuccessful attempts to be 
recorded in the next successive nibble. 
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Rgure 8A shows the memory map of an individual zone 707 as indicated on Rgure 8. Each zone 
includes an allocation area 721, which is used to store information as to which records in the zone have 
been written. The bits within the allocation area 721 are used to keep track of ttie next available record to 
be written. The lowest order bit of the first byte of the zone allocation area 721 is set to zero when the first 

5 record 725 of the zone is written. The next lowest order bit in the first byte of the zone allocation area 721 
is set to zero when the second record 726 of the zone is written. The process continues as each successive 
record is written, setting a respective bit for each record, until the maximum number of records, as 
specified in the zone definition word 703 for that zone, is written. When the last allocated record 727 is 
written, no further records may be written to the zone 707, although the data in the zone may still be read. 

70 In the present exemplary embodiment the zone allocation area for each zone is located within the zone 
itself. However, in some instances it may be desirable to locate the zone allocation areas for all the zones 
together in a separate area of the card memory. 

The check byte (CB) 723 has already been discussed in connection with Fig, 4. The status byte (SB) 
724 has already been discussed in connection with Rgures 4 and 5. 

75 Up to 255 zones may t>e defined in the IC card memory. Since the starting address of a zone is stored 
in the zone definition word, there may be unused memory space between the end of the zone definition 
table area and the start of the first zone. A similar unused memory space may exist t>etween two adjacent 
zones. 

20 (c) Zone size 

The size of Zone No. "n" (expressed as L(n)-number of bytes) is calculated using the following formula: 
L(n) = m(n}x(1(n) + 2) + m(n)/8 (2) 

25 

where l(n) is the record length in number of bytes and m(n) is the number of records. Decimal fractions are 
rounded to the next higher integer. 

(d) Zone Address Calculation 

30 

Assuming that the number of zones to define is M, that the same address is not used for two or more 
places and that no unused memory space exists, the start address S(N) of the N-th zone is calculated as 
follows: 

35 

N-1 

S(N ) = I L(n) + 6M + 256 (3) 
n=l 

40 

The end address E(N) of the N-th zone is calculated as follows: 



N 

^ E(N ) = I L(n) + 6M + 255 (4) 

n=l 

From the above formulae, the last address E(M) of the IC card memory is calculated as follows: 

50 

N 

E(M ) = I L(n) + 6M + 255 (5) 

. n=l 

55 

However, because of the limit on the IC card memory area the last address E(M) is as follows: 
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E(M ) ^ 8057 (6) 

Because of the limit of available RAM buffer space, the product of record length and number of records 
in a zone may not exceed 2048. 

5 

l(n) X m(n) 5 2048 (800H) (7) 
IC CARD OPERATION 

10 Figure 9 is a flow diagram of the IC card operation. In accordance with this flow chart, the IC card first 
receives a command from ttie readerAvriter at 801. The IC card then does a check at 803 to determine 
whether the command is supported by the card. If the command is not valid, an error code irKlicating such 
is produced at 804 and processing stops. However, if the command is valid, it is executed at 805. and the 
output as a result of command execution is provided at 806. 

15 

COMMAND DESCRIPTION 

The IC card uses 15 commands which are classified into 8 different groups, namely, IC card hardware 
test, formatting, key write, zone read/write, records remaining to be written in a zone, record status 
20 management, and card program version information read. It should be understood that some commands 
require particular keys and parameters for their execution. The IC card commands in accordance with the 
present invention are listed in Table B herein. 

RESULT OF EXECUTIONS BY THE IC CARD (RESPONSES) 

25 

The IC card informs the reader/writer of the result of the execution of a command- If the command 
includes a read command, the data obtained through execution of the read command are included in the 
response provided to the reader^vriter. The response indicating command execution by the IC card can 
take the form of one or more return codes. 

30 

READERWRITER COMPONENT 

The reader/writer 14 which is connected to the host computer 16 via a RS-232C communication link 18 
and which accepts one or two IC cards will now be described. Rgure 10 is a block diagram of a 

35 reader/writer 14 showing two ports numbered 1 and 2 (914 and 915) for receiving the IC information cards 
descnbed above. The respective reader/writer ports are connected to card interfaces (t/F) 902 and 901 
which are in turn connected via a data/address bus 903 to other components in the reader/writer. Also 
connected to the card interfaces 902 and 901 are respective buzzers or sound transducers 904 and 905. 
each of which may produce a different frequency, e.g. 600 Hertz and 2400 Hertz. A RAM memory 906 of 

40 8K bytes, ROM memories 907 and 907A having a total of 16K bytes, and a CPU 908 in the fonm of a Z80A 
microprocessor are also connected to tfie data/address bus 903. The RS-232C interface 909 is also 
connected to the data/address bus 903. The reader/writer 14 is provided with a power supply 910 which 
receives 90 to 130 volts AC through a noise filter 911 and which supplies DC voltages of 5 volts, +12 volts 
and -12 volts. 

45 As part of the reader/writer ports 914 and 915, card transports are provided for transporting the cards 
into and out of the reader/writer ports. Such transports are commercially available from various manufactur- 
ers, such as the Toppan Moore Company, Ltd. of Tokyo, Japan. An electrical schematic diagram of the 
interface for such a card transport is shown in Rgure 1 1 . In the lower portion of the figure, the electrical 
connections provided to the terminals of the IC card are indicated. 

50 When an IC card is inserted into one of the read/write ports, a solenoid is activated and the respective 
card is held in place within the reader/writer 14. At this time, the corresponding card insertion state LED 912 
or 913 as shown in Rgure 10 is illuminated. When transactions involving the card are completed, the 
inserted card can be removed by pressing the card eject button 916 or 917 for the port in which the card is 
inserted. However, if the card eject button is pressed during IC card operation, i.e., while IC card operation 

55 indicator LED 918 or 919 is lit. the card eject button will be inoperative. The card may also be ejected by a 
command issued by the host computer as will t>e described below. When the card is ejected, the card 
insertion state LED 912 or 913 is extinguished. 
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A more detailed schematic diagram of the readerAvriter in accordance with the invention is shown in 
Rgures 12 and 13. Rgure 12 shows on the left the Z80A CPU unit 908 being connected on ttie upper left to 
a clock which drives one of its inputs. A reset circuit is also provided on the left of this figure, as well as 
connections to the power LED and the connection socket for the power supply. Shown on the upper right in 

5 ngure 12 are the ROMs 907 and 907A and the RAM 906. which are connected to the Z80A CPU 908 by an 
address bus in the upper part of the figure and a data bus in the central part of the figure. A baud rate 
selection dip switch arrangement is shown in the bottom center portion of the figure, which also provides 
square wave outputs to drive the respective buzzers. Also shown in the bottom portion of this figure is the 
RS-232C interface which is connected to the baud rate selection chip and to the cable connector to the RS- 

70 232C interface. 

Refenrmg to Rgure 1 3, tfie card interface units 901 and 902 are sfiown respectively in the right and left 
hand portions of the figure. Each of the interface units is connected to the data bus in the upper portion of 
the figure, and are connected to the various solenoid coils in the respective transport units of the 
reader/writer ports 914 and 915 via connection strips CN2 and CN3, respectively. The buzzer 905 for the 
75 card I/F1 is connectable to terminals a and b in the bottom right portion of the figure, and the buzzer 904 for 
card i/F2 is connectable to terminals c and d in the Ixjttom center of the figure. 

The readerAwriter memory map is illustrated in Rgure 14. This memory map shows the BIOS program 
area resident in a portion of the 8K byte area of R0M1 907, and the buffer for the BIOS present In a portion 
of the 8K byte area of RAM 908, 

20 

IC CARD SECURITY SYSTEM SOFTWARE 

Rgure 15 shows the configuration of the software provided for the present IC card system in simple 
block form. As shown in this figure, the host computer 16 contains the host application program and the 

25 input/output (I/O) handler. The I/O handler of the host communicates with the reader/writer 14 through the 
BIOS program of the reader/writer. The reader/writer also has an application program. Communication with 
the IC card 10 is made through the BIOS program of the reader/writer as shown. The IC card 10 also has its 
own card program resident in its microprocessor memory. 

The host application program is prepared according to the particular business requirements of the IC 

30 card system user. The I/O handler of the host provides the basic input/output routine for communication 
tjetween the host computer and reader/writer. The BIOS program is the input/output handler for the IC card 
reader/writer and can perform input/output operations via the RS-232C link to the host computer, in- 
put/output operations to and from the IC cards, and other functions. Typical other functions include turning 
on and turning off of the internal buzzers 904 and 905 of the reader/writer, and checking whether a card is 

35 inserted or not inserted. The application program of the reader/writer is prepared according to the 
requirements of the system. The card program which is built into the CPU of the IC card during chip 
fabrication controls the configuration and access of the IC card and the card memory, as described above. 

The reader/writer is designed to facilitate the host computer in accessing the data stored in the IC card 
in order to fully utilize the IC card functions. Commands issued by the host computer can be divided 

40 roughly into the following command types: reader/writer control commands, data record control commands, 
IC card issue commands (IC card format command), and security related commands. The readerAyriter 
application program implements the reader/writer BIOS commands, which are listed in TABLE B herein. It 
should be understood that the host computer and the IC card reader/writer can be connected over a 
telecommunication link via a modem/acoustic coupler. 

45 The reader/writer application program in the preferred emtxxliment incorporates a security plan which 
uses one of the two cards as the control card and tfie second as the application or user card. This approach 
increases the overall security of the system by avoiding the dissemination of knowledge of the keys 
required to access the various data zones of the IC card memory. For example, the O-key need not be 
known to any person, since it can be stored in the control card. Therefore, that key is not readily available 

50 to someone who wishes to make an unauthorized access attempt in the user card. Additionally, the two card 
approach eliminates the need for ttie entry of the access keys and other information by the system user. 

The reader/writer application program illustrated in Figure 40, op}erates as follows: After initialization 
4001, a unique field (serial number) is read from the control card and stored in the reader/writer for later 
comparisons, process 4003. Various keys may then be read from protected zones within the control card, 

55 e.g., O-key, PIN key and any additional user defined keys, using processes 4004 through 4014, and stored 
within the reader/writer for later use in accessing the application or user card. It is noted that these keys 
may also be loaded into the reader/writer memory from the host computer. The commands from the host 
computer specify what kind(s) of key(s) are required for the specific operation. The reader/writer application 
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program interprets the commands and by using the previously stored keys issues the BIOS commands 
necessary to accomplish the specified operation. The additional security features of the readerAwriter 
application program come into play at this point. Prior to issuing a command to the user card which 
requires one or more keys, the reader/writer application program checks the control card serial number, at 

5 4009 to make sure that the control card has not been changed, tf it has been changed, the control card 
serial number and the applicable keys in the reader/writer are set to zero, and an error message is returned 
to the host computer. Under such conditions, the command to the user card is not carried out. The 
commands defined by the reader/writer application program are listed in Table E. 

As shown in Rgure 14. the user's program area occupies memory locations 1000H to IFWH, or from 

10 1000H to 3FFFH if optional ROM2 is used. The memory location in the RAM area at addresses EOOOH to 
EOFFH. i.e., 256 bytes, is used as a data buffer and as a stack for the BIOS program, leaving the RAM area 
from El DOH to FFFFH as user memory, 

ISSUE SYSTEM COMPONENTS AND OPERATION 

75 

The IC cards can t>e formatted (initialized) and personalized in a number of ways. The terms 
"formatting" and "initialization* both refer to the writing of the O-key, the zone definition table and. 
optionally, the PIN key in the 10 card memory. The term "personalization" refers to the writing of 
appropriate data records in the data zones of the IC card memory. 

20 One aspect of the present invention is to format and personalize a large number of IC cards for a 
particular application on a mass production basis. To accomplish this, an arrangement as shown in Rg. 16 
is used which comprises an initializer (l/Z) 50 used in conjunction with a host computer 16. The host 
computer in the preferred embodiiDent is an IBM-XT having a CRT, a keyboard, a printer, a 10 MB hard 
disk, and a one or more double floppy diskette drives. The initializer 50 and the host computer 16 are 

25 connected to each other by a RS-232C communications link. 

In accordance with the personalization process, the respective data files to be loaded into the IC cards 
ai'e stored on the hard disk or floppy diskette or some other mass storage medium and are accessed by 
way of a personal code for each personal data file stored in the. mass storage medium. Each IC card to be 
personalized is provided with a magnetic stripe in accordance with the conventional format and is 

30 magnetically encoded with a |>ersonal code for addressing a corresponding personal data file in the mass 
storage medium. The magnetic encoding of the magnetic stripe is carried out using conventional techniques 
preferably on the second track of the stripe in accordance with the ABA standard or JIS type I, or the first 
track in accordance with JIS type II. 

The initializer 50 has an input slot or an input hopper for accepting cards and a card handler for moving 

35 each card automatically through a magnetic stripe reader to electrical contacts in the initializer which make 
electrical contact to respective IC card contacts C1-C8. Each card is first initialized by writing the O-key. the 
zone definition table and, optionally, the PIN key in the card memory. Such initialization information and the 
P-key, which is required before the initialization information can be written into the card memory, have been 
previously entered into the initializer and are stored in the initializer memory. The initialization information 

40 and the P-key are advantageously entered into the initializer by means of a master card, as will be 
described in further detail herein below. 

Following initialization, if the card in the initializer is to be personalized, the personal code on the 
magnetic stripe is read and transferred to the host computer. In response to receiving the personal code of 
the card, the computer addresses the corresponding personal data file in the mass storage medium and 

45 personalizes the card by writing the data in the file in previously defined zones of the IC card memory. The 
initialized and personalized cards are then ejected. 

In order to operate such a system, master cards 52, one or more IC cards 10. and several data files 
must be prepared. There are four types of nnaster cards 52. one for each operation of the initializer. All 
master cards are previously written with information necessary for the respective operation according to a 

50 predetermined format The information written on the master cards includes a different identification code 
for each operation and a batch number which is necessary for issue control. Figure 17 is a memory map of 
a master card 52. 

The different operations of the IC card initializer include formatting. Qnitialization). personalization, 
unlocking, and formatting (initialization) with personalization. 
55 The files necessary for formatting and personalization include a Z.D.T. (zone definition table) data file 
and an index file. The Z.D.T. file is used for formatting or for formatting with personalization. If the Z.D.T. 
data is written in the master card, the Z.D.T. file need not be stored in the memory associated with the host 
computer. 
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The index file is used for personalization or for formatting with personalization. The file contains the 
record length, the field configuration, and field number of the personal data file, the field number t>eing used 
for the search. Also used for personalization or for formatting with personalization is a zone and field 
correspondence file in which the correspondence between the zone numl)ers in the card memory and the 

5 fields of the personal data file are defined. Lastly, a personal data file is used for personalization or for 
formatting and personalization. This file is prepared by the user of the system and consists of fixed ler^gth 
records not including a header and contains a field for record search. 

The host computer has a main program to canry out initialization (formatting), personalization, unlocking 
or both initialization (formatting) and personalization of an IC card. The Z.D.T. data file, the p erso nal data 

10 files, the index file and the zone and field conrespondence file must all be created before an IC card is 
initialized and personalized by the main program. The main program also needs a master card on which the 
required data is written in a certain format 

MAIN PROGRAM 

75 

Rgure 18 is a flow chart showing the pre-operation portion of the main program. The program first asks 
the user whether the communication parameters of baud rate, parity, stop bit and byte length should t>e set 
to their default values of 9600, none. 2 and 8, respectively. If not, the user then is requested to input otfier 
values for these parameters. The pass word is then requested, and if the entered password is satisfactory, 

20 the date and time are displayed for verification by the user. If the date and time are not correct, the user 
should input "n" which causes the program to return the system to DOS to allow the correct date and time 
to be entered. Once this has t>een done and the program reinKiated, if needed, the system completes the 
pre-operation. Thereafter the screen displays five menu items of format, personalization, unk^ck. format with 
personalization, and end. The user selects which one of the five menu items he desires. The first four menu 

25 items are now described. 

FORMATTING (INITIALIZATION) 

Rgure 19 shows the flow chart for the formatting program. When this menu item is selected, the master 
30 card is inserted by the user, and the PIN number for the master card is requested and entered by the user. 
If the inserted master card contains the ZDT data and the O-key (or a corresponding key for a different 
embodiment) such data and key are automatically read, and the master card is ejected. The program then 
asks the user to enter the numt>er of cards which are to be formatted. If the inserted master card does not 
contain the ZDT data, the system reads the ZDT data file from the memory associated with the host 
35 computer. The file contents are then displayed and checked by the user. If the inserted master card does 
not contain the O-key data, this data is entered from the keyboard by the user. The master card processing 
is then complete, and the IC cards to be formatted are then inserted into the initializer. Each time a card is 
formatted, the user is asked whether or not the formatting should continue for the remaining cards or 
whether the formatting should be tenminated. When the desired number of cards have been fomiatted, the 
40 main program returns to the menu. 

PERSONALIZATION 

Rgure 20 shows the flow diagram for the persorialization program. In accordance with this program, 
45 master card insertion is requested, and if the inserted master card is found to be correct, the entry of the 
PIN number for the master card is requested from the user. If the master card contains the O-key. the 
system automatically reads the key, and the master card is ejected. However, if the master card does not 
contain the O-key data, the user must enter this data via the keyboard. The system then reads the three 
files necessary for personalization, namely: the index file; the personal data file; and the zone and field 
50 correspondence file. After the system has read the contents of all the necessary files, it requests the 
insertion of cards to personalize. The cards inserted into the initializer at this point must have l>een 
previously formatted and have the appropriate magnetic data encoded on their magnetic stripes in order to 
allow the host computer to find the proper personal data file in the mass storage medium. 

The IC cards are then fed. one at a time, into the initializer. The initializer reads the magnetic stripe on 
55 each card to find the personal code and obtains the personal data file corresponding to that personal code 
from the mass storage medium and writes the personal data from the file into the IC card memory. At this 
time the PIN key may also be written into the IC card. The PIN numt>er may also be written into the IC card 
at a later time by the system user. After each card is personalized, the system requests whether further 
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personalization of the remaining cards should continue. Once alt of the cards have been personalized or 
upon early termination of the personalization process, the main program returns to the menu, 

UNLOCK PROCESS 

5 

Figure 21 shows the flow chart procedure for the unlock process. According to this process, the 
program asks the user to insert the master card and to input the PIN key for the master card. The O-key is 
then entered by the user from the keyboard of the host computer if the inserted master card does not 
contain this key. The master card is then removed and the IC cards to be unlocked are then iQ^grted. The 
70 individual PIN keys associated with each card are then entered, and the system checks to see whether 
these PIN numbers are correct After each card is unlocked (or if unlock is refused because of an improper 
PIN number), the card is ejected and the user has the option of continuing with further unlocking of the 
other cards or returning to the menu. 

75 FORMATING AND PERSONALIZATION IN COMBINATION 

Figure 22 shows the flow chart for the formatting (initialization) with personalization in combination. This 
flow chart is essentially a combination of the individual steps from the formatting and personalization flow 
charts of Figures 19 and 20. 

20 

OUTPUT FILE 

An output file called XREPORT (wherein X may be replaced by F. P, U or C depending upon the type 
of operation carried out by the initializert i.e., formatting, personalization, unlocking or formatting and 
25 personalization combined) is prepared during initializer operation. All errors made during the operation are 
recorded in a file called XERROR. wherein X may be replaced by F, P, U or C. All file contents can be 
checked using conventional file handling means. 

INITIAUZER COMMUNICATIONS SPECIFICATION 

30 

All communications between the host computer and the initializer are carried in string format comprising 
two bytes indicating string length, one byte indicating the type of string, bytes of data and one final byte 
indicating the checksum. The string length is a two byte field indicating the length of the entire string 
excluding the checksum byte at the end of the string. (The order of the field is the least significant byte first 

35 and the most significant byte last.) There are four types of strings, namely, a command string (designated 
by 01), a data string (02) and information string (03) and a control string (04). The data can be any number 
of bytes needed corresponding to a string type. The checksum is the sum of all string data just before the 
checksum and is provided in two's complement format. 

The command string format is essentially the same general format as indicated above, except that the 

40 data comprises a command code and parameters. The format for the data string is also essentially the 
same as described above, except that the data includes a field indicating the number of data elements and 
another field indicating the data length in bytes. The format for the infonmation string is essentially the same 
as that described above, except that the string lengtfi is fixed at 5, and the data includes error type and 
error detail examples. The fonmat for tiie control string is also generally the same as that described above, 

45 except that the string length is fixed at 4 and the control code is one of three types, namely, 01 H indicating 
ACK, 02H indicating NAK. 03H indicating EOT, 

PROGRAM LISTING AND COMMAND CODES 

50 A print listing for the reader/writer basic input/output system (BIOS) in accordance with the invention is 
included in Appendix I. A listing of the BIOS commands is provided in Table C herein. Table D herein lists 
these commands and shows the information transferred between the reader/writer and IC card during 
command execution, as well as the string format. 

Rgures 23 through 39 illustrate the command protocols t>etween the reader/writer and IC card, showing 

55 the direction and sequence of command, parameters, return and error codes between the reader/writer and 
IC card. The commands illustrated in these tigures correspond generally to many of the BIOS commands 
listed on Table C herein. 
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A print listing of the reader/writer application program, in accordance with the present invention, is also 
included in Appendix I. The commands used in the reader/writer application program are shown in Table E 
herein, which also illustrates the protocol used with the commands. 

Rgures 41 through 91 B are flow charts of the IC card program, in accordance with the present 
5 invention- A print listing of the IC card program, in accordance with the invention, is included in Appendix I. 

Rgures 92 through 108B illustrate the command protocol between the host computer and initializer (l/Z) 
during the initialization process. 

While a particular emtKxIiment of an IC card security system has been shown and described, numerous 
variations and modifications will readily occur to those skilled in the art. The invention is not int end ed to be 
10 limited to the embodiment illustrated and described but is merely illustrative of the application of the 
principles of the invention, whose scope is pointed out in the appended claims. 

TABLE B 



75 


COMMAND CODE (hex) 


NEMONIC 


FUNCTION 




21 H 


PINWR 


PIN Code WRITE 




23H 


OKEYWR 


Organization KEY WRITE 




25H 


WRZDT 


WRiTE Zone Definition Table 


20 


26H 


CLZDA 


CLOSE Zone Definition Table Area 




24H 


RD2DT 


READ Zone Definition Table 




10H 


RDZONE 


READ RECORDS In a Zone 




11H 


WRZN 


WRITE RECORD onto a Zone 




13H 


WRZNWV 


WRITE RECORD onto a Zone with Verify 


25 


15H 


STWR 


Record Status Byte Mark 




14H 


STRD 


Record Status Byte Read a Zone 




27H 


UNLOCK 


UNLOCK the locked Card 




28H 


REMAIN 


READ Number of Remaining Records 




30H 


MTEST 


CARD TEST AT MANUFACTURING 


30 


31 H 


RTEST 


CARD READ TEST 




42H 


RDMPD 


READ MASK PROGRAM DATA (NAME) 
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TABLE C 



BIOS COMMAND LIST <BIHWT1 1 C> 


COMMANU L/UUt (iiex) 




FUNPTinM 


01 H 


SELCRI 


Select Card reader #1 


02H 


SELCR2 


Select Card reader #2 


03H 


BZON 


Buzzer on 


04H 


BZOFF 


Buzzer off 


05H 


SDIN 


RS-232C Data input 


06H 


SDOUT 


RS-232C Data output 


07H 


CDINCK 


Card in check 


08H 


INIT 


Initialize IC card reader/writer 


09H 


CEJCT 


Card eject 


10H 


RDZN 


Read a zone 


11H 


WRZN 


Write a zone 


13H 


WR2NWV 


Write a zone with verify 


14H 


STRD 


Read record status byte 


15H 


STWR 


Write record status byte 


21H 


PINWR 


Write Pin code 


23H 


OKEYWR 


Organization key write 


24H 


RDZDT 


Read Zone Definition Table 


25H 


WR2DT 


Write Zone Definition Table 


26H 


CLZDA 


Close Zone Definition Table Area 


27H 


UNLOCK 


security lock cancel 


28H 


REMAIN 


read remaining number of records 


30H 


MTEST 


Card test at manufacturing 


31H 


RTEST 


Card read test (test at using) 


42H 


RDMPD 


Read mask program data 


note: command code and another parameter should be set to A-register and proper registers before 


BIOS call- 
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TABLE D 



5 


SELCRl 

^olH^ 


nothing 


nothing 








fP?P) 


nothing 


nothing 






10 


y^u i«cv 
r07Hl 




£%■ a lU C W U L CUU C 








BZOH 
I u on 1 


nothing 


As return codp 






15 


BZOFF 
/ 04R\ 


nothing 


A: return code 






20 


( 08H) 


no^nxng 




Select reader #1. 
Only one time usa- 
ble at power on. 




CEJCT 


nothing 


A: return code 






25 






A: return code 


OE 

4^ 






SOIN 


<DE:buf£er addresa> 


C: number of input 
CRrLF code) 


lA^qj?; Md«lCR 


1 








^ C bytes 




30 


SDOOT 


OE;buffec address 


A: return code 


D£ 






(06H) 


of output data 




1 ASCII code ICR 


1 ;-F| 












35 








HL 






PINWR 
(21H) 


HL:bu£fer address 


A: return code 


IP-kev-O-kev 1 
8 «*• 


4 - 



OKE7WR HL: buffer address 
(23H) 



A:return code 



HL 
i 



^ 8 8 



55 
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TABLE D (Cont'd) 
rrnu fMAND INPUT fiPgUfiN 



5 



+ 



WRZDT HL:buffer address A: return code I P-kev I 2DT data! 

(25H) B:2one number ( 01H"FFH) ♦ 8 6 



4- 



CLZDA HI*:buffer address A:return code I P-kev I 

(26H) ^ 8 * 



75 



RDZDT 
(24H) 
Needs 
one of 
^ kev3 



Brzone number { 01H"FFH) A: return code 
C:key type IX:buffer address 

<l:Pin,2:0-key,5:P-lcey) of read data 
HL:buffer address 

<lX:buffer addres3> 

for read data> 



INPUT RETURN 

HL IX 

I ^KEY I I ZPT I 

♦4or8'^ 6 



Brzone number ( 01H"FFH) A: return code 
RDZN C:key type D:Nuxaber of records [N] 

(lOH) bitO"3;lst key type E: record length[L] 
hit-A"7i 2nd key type IX; read data 
(C reg: llE2n2z5IlEli5Eal ) buffer address 
type:lH Pin type 

2H 0-key, 5H P-KEY 
FH No key 
HL: buffer aMtfiaa. 



2nd key 



<IX:buffer address 

for read data> 



IX^ 



No,l record 



check byte 



No . 2 record 



check byte 



No. [N] record 



check bvte 



35 



2nd key type and 2nd key are not always necessary. 

{and for lowest security level the 1st key is not needed either). 



B,C,BLz 

Same as ROZN command 
WRZN Eidata length(L bytes) 
(IIH) XY:bu£fer address of 
Write data 





lY-^l 


+ 




1 Data 




A: return code 


1 to be 


L 




j written 








4- 
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j^HHAKD INPUT 



TABLE D (Cont'd) 
RgTVRN 



WR2NWV 

(13a) 



B,C,HLrE,IY: 

Same as WRZN coxmnand 



"A: return code 



10 BrC#HL: 

STWR Same as ROZN command 

(15H) 0: record No. (OIH^FFH) A: return code 
E:bit No. (0-7) 



25 



30 



BrCrHL: A: return code IX-*- 

STRO Same as ROZN command D; number of records (N) 

(14H) <IX:buf£ec address IX:buf£er address o£ 

for status bytes> status bytes 



status 



Ctlst and 2nd key type 
lH:Pin 
2H:0'key 

tJKLOCK SHi P-key 

(27H) (C reg: 1 7-2n<a-^ I 3-;$t;-q | ) 
Needs 2 of HL:bu£fer address 

3 keys of key 



A: return code 



1st 

key 
2nd 




MTEST nothing 
{30H) 



A: return code( result) Mfr. use 



+ 
N 

4' 



BrCrHL: A:return code 

REMAIN Same as ROZN command O: number of records 
(28H) remaining a zone 



Ist step : card memory blank check, 2nd step : test write and verify 
Test write means to write test data on test address (see below table) 
After MTEST commands card memory is like following: 



Addr. 




0 1 


i 


4 a 


10 


20 


40 


90 


100 


200 


400 


■«00 


1000 






00 22 


2Z 


33 44 




6€ 


77 


99 




AA 


BB 


cc 


DO 



RTEST nothing 
(31H) 



A: return code( result) 



Check test datas 
on test address 



45 



50 



rOMMAND INPOT 



TABLE D (Cont'd) 
RETURN 



ROMPD <IX: buffer address for A: return* code 
(42H) mask program data> 



mask program 

data 
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qOMMAND 



TABLE E 

Reader/Writer Application Program Commands 
IKPUT onrPUT COMMENTS 



Read # Tranaacticxia 
left In Zone 
to write 



RM 
RMF 
RMO 
RMB 



Command 
Zone # 



Key must be previously 
set for the card 
being accessed. 



Return Code 
# Records left 



RME Command Key is not preset. 

Key Type 
Key 
Zone # 

Return Code 
# Records left 



Read Zone Key ^^^^ be previously 

set for the card 

RN Command being accessed. 

RF Zone # 

RO Return Code 

RB # of Records 

Record length 

Record #1 to 

Record in 



RE Command Key is not preset. 

Key Type 
Key 
Zone # 

Return Code 
# Records used 
Record length 
Record #1 to 
Record #n 



45 



50 
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COMMAND 



TABLE E (Can't) 
Reader/Writer Application Program Commands 
INPUT OaTPUT COMMENTS 



10 Write Zone 

WN 
HP 
WO 
WB 

75 



Command 
Zone # 
Data 



Return Code 



Key must be previously 
set for the card 
being accessed. 



WE 



Command 
Key Type 
Key 

Zone # 
Data 



Return Code 



Key is not presets 



30 



Write Zone w/Verify 



VN 
VP 
VO 
VB 



Command 
Zone i 
Data 



Return Code 



Key must be previously 
set for the card 
being accessed. 



35 



VE 



Command 
Key Type 
Key 
Zone # 
Data 



Return Code 



Key is not preset. 
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TABLE E (Con' t) 
Reader/Writer Application Program Commands 
INPUT OUTPUT COMMENTS 



10 



Read Zone Definition 



ZN 
ZP 
ZD 
ZB 



Conuaand 
Zone # 



Return Code 
Zone Definition 
Bytes 



Key must be previously 
set for the card 
being accessed . 



ZE 



20 



Conuaand 
Key Type 
Key 
Zone # 



Return Code 
Zone Definition 
Bytes 



Key is not preset. 



25 



Card in Check 
CD 



Command 



30 



Return Code 



R/W returns Error Code 
if Card not in 



Select Card Module NO return code 

35 CI 

C2 Command 



40 



45 



50 



55 



25 



BP 0 271 495 B1 



CQfWAND 



TABLE E { Con ' t ) 
Reader/Writer implication Program Commands 
INPUT OUTPUT COMMENTS 



Card Eject 
CE 



Command 



Return Code 



Eject Card £rom 

selected module 



20 



Card Application 
Check 

CA 



Command 



Return Code 
Application 
Info 



Application Type is in 
Zone 1 - No security 



Get Key from Host 

GP Command 
GO Key 



Return Code 



Gets the key and 

stores it for later 
use - for the logged 
card 



35 



Get Key from 

Control Card 

GCP 
GCO 
GCl 
GC2 
GC3 
GC4 
GCS 



Command 



Return Code 



Gets the key and 

stores it for later 
use - for card one 
only 

Pin for control card 
must be previously 
set (from host) 



45 



50 



55 
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TABLE E (Con*t) 

^ Reader/Wciter Application Program Commands 

COMMAND INPUT OOTPOT COMMENTS 



TO 

Test the Card Simple read test 

routine 

TR Command 

Return Code 



Status Byte Read Key must be previously 

set £or the card 

SR Command being accessed. 

20 SRP Zone # 

SRO Return Code 

SRB * of Records 

Stat byte #1 to 

Stat byte #n 



SR£ Command Key is not preset. 

Key Type 
Key 



Zone # 



Return Code 
# Records used 
Stat byte #1 to 
Stat byte #n 



Status Byte Write Key must be previously 

set for the card 

SHN Command being accessed. 



SWP Zone # 

SWO Record # 

SWB Bit » (0-7) 

Return Code 



45 



50 
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COMMAND 



TABLE E (Con't) 
Reader/Writer Application Program Commands 
INPDT OUTPOT COMMENTS 



TO 



SWE 



Command 
Key Type 
Key 
Zone « 
Record # 
Bit # (0-7) 



Return Code 



Key is not presetr* 



20 



Report Version R/W 

VRS Command 



Version Info 



Returns the version of 
the EPROM in the R/W 



Unlock Locked Card 

ON Command 



Unlocks card that has 
been locked by 
security 

PIN and O-Key must be 
preset before use 



Return Code 



Buzzer Control 

BH 
BF 



Command 



Return Code 



Turns buzzer on (BN) 
or off (BF) for 
logged Card Module 



35 



40 



Report Version Card 

DR Command 



Return Code 
Version Info 



Returns the version of 
the progreua in the 
Card 
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50 
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COMMAND 



TABLE E (Con't) 
Reader/Writer Application Program Coinmanda 
INPUT OUTPUT COMMENTS 



Write PIN in Card 



KP 



Command 

O-Key 

PIN (to be 

written) Return Code 



Writes the PIN into 
the card for 
security use 



25 



GENEKAL INFORMATION: 

All commands, and parameters sent to the card, iC any for the particular 
command, are terminated by an ASCII Carriage Return - Line Feed pair of 
characters. Additionally, all data transmissions from the Reader/Writer 
are also • terminated by an ASCII Carriage Return - Line Feed pair of 
characters. 

All commands which require a key to operate (unless there is a choice 
of keys available) require that the key be previously set for the R/W - 
either from the host or from the control card. The £ (Either) option 
requires the key type and key be entered from the host program. 



TABLE F 



45 



50 



Command codes are: 


OOH 




NOP 


01 H 




Card in 


02H 




Card out 


03H 




Write magnetic data 


04H 




Read magnetic data 


05H 




Contactor down 


06H 




Contactor up 


07H 




Write a zone 


08H 




Read a zone with data 


09H 




Read a zone without data 


OAH 




Formatting 


OBH 




Unlock 


OCH 




CJheck sensor 


ODH 




On each output device 


OEH 




Off each output device 


OFH 




Transmit data 


10H 




Write PIN 



55 



Claims 



An IC information card (10) comprising: 

input/output means (24) in the card for receiving at least data, commands and keycodes and for 
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providing at ieast data; 

nonvolatile read/write memory means (22) within the card (10), the memory means having a 
multiplicity of addressable bit storage locations; 

first means (20) within the card responsive to a first command, zone definition data and an entered 
5 keycode received by the input/output means (24) for comparing the entered keycode with a first 

keycode stored in the card and for writing the zone definition data in a first region of the memory 
means (22) only if the received keycode matches the first keycode, the zone definition data comprising 

one or more zone definition words (701 704) each corresponding to a respective data zone (707) in 

a second region of the memory means, each zone definition word specifying at least the starting 
10 address of the corresponding data zone and the size of the conresponding data zone. 

2. An IC information card (10) accordir^ to claim 1. wherein the card further comprises second means 
(20) within the card responsive to a second command, keycode data comprising one or more additional 
keycodes and an entered keycode received by the input/output means (24) for comparing the entered 

15 keycode with the first keycode and for writing the keycode data in a third region of the memory means 
only if the entered keycode matches the first keycode, and wherein each zone definition word further 
specifies either no keycode or one or more of the first keycode and the additional keycode or keycodes 
as being required to be received by the input/output means (24) in order to read data from the 
corresponding zone and either no keycode or one or more of the first keycode and the additional 

20 keycode or keycodes as being required to be received by the inpuVoutput means (24) in order to write 
data in the corresponding data zone. 

3. An IC information card (10) according to claim 2. wherein the card further comprises third means (20) 
within the card responsive to the input/output means (24) receiving a read command, a code specifying 

25 a particular one of the data zones (707) from which data is to be read and any entered keycode or 
keycodes, for comparing any entered keycode or keycodes with any keycode or keycodes specified as 
being required to read data in the particular data zone (707) and for providing data fi-om the particular 
zone to the input/output means (24) if the entered keycode or keycodes match the keycode or 
keycodes specified as being required to read data from the particular data zone (707) or if no keycode 

30 is specified as being required to read data from the particular data zone (707), and wherein the card 

further comprises fourth means (20) within the card responsive to the input/output means (24) receiving 
a write command, a code specifying a selected one of the data zones (707) in which data is to be 
written, data to be written in the selected zone and any entered keycode or keycodes, for comparing 
any entered keycode or keycodes with any keycode or keycodes specified as being required to write 

35 data in the selected data zone (707) and for writing the received data in the selected data zone (707) if 

the entered keycode or keycodes match the keycode or keycodes specified as being required to write 
data in the selected data zone (707) or if no keycode is specified as being required to write data in the 
selected data zone (707). 

40 4. An IC information card (10) according to claim 3, wherein data is stored in each data zone (707) as 
successively located data records (722, 727) and each zone definition word (701, ...» 704) further 
specifies the maximum number of data records that can be stored In the corresponding zone, the 
length of the data in each data record in the corresponding zone and a zone allocation area (721) in the 
memory means (22) for storing data indicative of the location of the next data record to t>e stored in the 

45 corresponding zone (707). 

5. An IC information card (10) according to claim 4, wherein the zone allocation area (721) is located in 
the corresponding zone (707) and contains one or more successively ordered bit positions each 
associated with a respective data record position in the zone each bit position of the zone allocation 

50 area (721) containing a first or a second binary state depending upon whether or not the data record 

position associated with that bit position contains a data record, respectively, and wherein the fourth 
means (20) is further responsive to the contents of the zone allocation area (721) of the selected zone 
(707) for writing a data record (722, 727) in the selected zone in the data record position therein that 
is associated with the lowest order bit position of the zone allocation area (721) therein containing the 

55 second binary state and for writing a first binary state in that lowest order bit position containing the 

second binary state. 
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6. An IC information card (10) according to claim 4, wherein each data record (722, .... 727) stored in a 
data zone (707) includes a checksum byte and a second status byte indicative of the validity of the 
data in the data record (722, .... 727). 

5 7. An IC information card (10) according to claim 4, wherein each zone definition word (701, .... 704) 
further specifies whether the data provided to the input/output means (24) by the third means (20) in 
response to a read command and a code specifying data to be read from the corresponding zone (707) 
is only the last data record to be written in the corresponding zone (707) or all data records (722, .... 
727) that are stored in the conresponding zone (707) in the order in which such data recorgjs (722, .... 

10 727) are written in the con-esponding zone (707). 

a An IC information card (10) according to daim 3, wherein the third region of the memory means (22) 
further contains a plurality of successively ordered lock status words, including a first and a last lock 
status word, each lock status word having a predetermined number of successively ordered bit 

15 positions, including a first and a last bit position, each bit position of each lock status word being 

initially in a second binary state, and wherein the card further comprises fifth means (20) within the card 
responsive to a failure of an entered keycode to match a keycode stored in the card, as a result of a 
keycode comparison made by the first (20). second (20). third (20) or fourth means (20) for writing a 
first binary state in the lowest order bit position that is in the second binary state of the lowest order 

20 lock status word in which the highest order bit position is in the second binary state, the fifth means 

(20) being responsive to a match of an entered keycode with a keycode stored in the card occurring 
directly after a failure of an entered keycode to match a keycode stored in the card, as a result of a 
comparison made by the first (20), second (20), third (20) or fourth means (20). for writing a first binary 
state in the highest order bit position of the lock status word in which a first binary state was written by 

25 the fifth means (20) in response to the directly preceding failure of an entered keycode to match a 

keycode stored in the card (10). and wherein the card (10) further comprises sixth means (20) within 
the card responsive to a took status word having ail but its highest order bit position in the first binary 
state for placing the card in a locked state in which at least reading and writing access to the first and 
second regions of the memory means (22) are prevented, and seventh means (20) within the card 

30 responsive to an unlock command and one or more entered key-codes for comparing the entered 

keycode or keycodes with preselected keycode or keycodes stored in the card (10) and for writing a 
first binary state in the highest order bit position of the lock status word having all but the highest order 
bit position in the first binary state to release the card from the locked state, if the entered keycode or 
keycodes match the preselected keycode or keycodes. 

35 

9. An IC information card (10) according to claim 8, wherein the first (20). second (20), third (20), fourth 
(20). fifth (20), sixth (20) and seventh means (20) are included in an appropriately programmed 
microprocessor (20) operatively coupled to the input/output means (24) and the memory means (22) 
includes a programmable read-only memory operatively coupled to the microprocessor. 

40 

10. An IC infomiation card system comprising: 

a first (52) and second IC (10) information card each having: 
(a) input/output means (24) in the card for receiving at least data, commands and keycodes and for 
providing at least data. 
45 (b) means storing a first keycode, 

(c) nonvolatile memory means (22) within the card (10) having a first region for storing one or more 

keycodes and a second region segmented into a plurality of data zones (701 704), each one of 

the data zones (707) being defined to require either no keycode or a specified one or more of the 
first keycode and the keycode or keycodes stored in the first region to be entered into the card in 

50 order to read data in that data zone (707) and to require either no keycode or a specified one or 

more of the first keycode and the keycode or keycodes stored in the first region to be entered into 
the card in order to write data in that data zone (707), 

(d) first means (20) within the card responsive to the input/output means (24) receiving a read 
command, a code specifying a particular one of the data zones (707) in which data is to be read and 

55 any entered keycode or keycodes, for comparing any entered keycode or keycodes with any 

keycode or keycodes specified as being required to read data in the particular data zone (707) and 
for providing data from the particular zone (707) to the input/output means (24) if the entered 
keycode or keycodes match the keycode or keycodes specified as being required to read data in 
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the particular data zone (707) or if no keycode is specified as being required to read data from the 
particular data zone, and 

(e) second means (20) within the card responsive to the input/output means (24) receiving a write 
command, a code specifying a selected one o1 the data zones (707) in which data is to be written, 
data to be written into the selected zone (707) and any entered keycode or keycodes, for comparing 
any entered keycode or keycodes with any keycode or keycodes specified as t>eing required to 
write data in the selected data zone (707) and for writing the received data in the selected zone 
(707) if the entered keycode or keycodes match the keycode or keycodes specified as being 
required to write data in the selected data zone (707) or if no keycode Is specified as t>eing required 
to write data In the selected zone (707). wherein the memory means of the first card (52) Includes 
one or more data zones (707) each storing a respective one or a combination of the first keycode 
and the keycode or keycodes stored in the first region of the memory means (22) of the second 
card (10); and 

IC card reader/writer means (14) having: 

(a) a first (914) and a second port (915) for receiving the first (52) and second (10) cards, 
respectively, and for coupling to the input/output means (24) thereof, 

(b) coupling means for receiving at least commands, data and keycodes and for providing at least 
data (909), 

(c) reader/writer memory means (906), 

(d) first means 908 responsive to the coupling means 909 receiving a command to read the 
second card (10) a code specifying a particular zone (707) in the second card (10) in which data 
is to be read and any keycode or keycodes to be entered in the first card (52). for providing to 
the input/output means 24 of the first card (52) one or more read commands together with a code 
or codes specifying the data zone or zones (707) of the memory means (22) of the first card (52) 
where the keycode or keycodes required to read data in the particular zone (707) of the second 
card (10) are stored and any keycode or keycodes received by the coupling means (909) for 
transferring such required keycode or keycodes to the reader/writer memory means (906) if the 
keycode or keycodes received by the coupling means (909) match the respective keycode or 
keycodes that are required to read the one or more data zones 707 of the memory means (22) of 
the first card (52) or if no keycodes are required to read such data zones (707), for providing to 
the input/output means (24) of the second card (10) the read command, a code specifying the 
particular data zone (707) and the keycode or keycodes for reading data in the particular zone 
(707) transferred from the memory means (22) of the first card (52) to the reader/writer memory 
means (906). and for transferring any data provided by the input/output means (24) of the second 
card (10) to the reader/writer memory means (906), and 

(e) second means 908 responsive to the coupling means (909) receiving a command to write to 
the second card (10), a code specifying a selected zone (707) in the second card (10) in which 
data is to be written, data to be written in the selected zone (707) and any keycode or keycodes 
to be entered in the first card (52) for providing to the input/output means (24) of the first card 
(52) one or more read commands together with a code or codes specifying the data zone or 
zones (707) of the memory means (22) of the first card (52) where the keycode or keycodes 
required to write data in the selected zone (707) of the second card (10) are stored and any 
keycode or keycodes received by the coupling means (909), for transfem'ng such required 
keycode or keycodes to the reader/writer memory means (906) if the keycode or keycodes 
received by the coupling means (909) match the respective keycode or keycodes that are 
required to read the one or more data zones (707) of the memory means (22) of the first card (52) 
or if no keycodes are required to read such data zones (707). and for providing to the input/output 
means (24) of the second card (10) the write command, a code specifying the selected zone 
(707). the data to be written in the selected zone (707) and the keycode or keycodes required for 
writing data in the selected zone (707) transferred from the memory means (22) of the first card 
(52) to the reader/writer memory (906). 

IC information card system according to claim 10. wherein the memory means (22) of the first card 
(52) includes a first data zone (705) containing an identification code for the card (10) and wherein the 
reader/writer means (14) further comprises third means (908) for reading tfie first zone (705) of the 
memory means (22) of the first card (52) following initial coupling of the first card (52) to the 
reader/writer means (14) and transferring the identification code therein to the reader/writer memory 
means 906 and for reading the first zone (705) of the memory means (22) of the first card (52) each 
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time the coupling means <909) receives a command to read the second card (10) or command to write 
to the second card (10) and comparing the contents read therein with the identification code stored in 
the reader/writer memory means (906), the third means (908) preventing at least reading and writing of 
the memory means (22) of the second card (10) rf the contents of the first data zone (705) of the 
5 memory means (22) of the first card (52) fails to match the identification code stored in the 

reader/writer memory means (906). 

12. An inittalization system (50) for IC information cards each including first means (20) within the card 
responsive to a first command, zone definition data and an entered keycode received by the 

10 input/output means (24) for comparing the entered keycode with a first keycode stored inUne card for 

writing the zone definition data in a first region of the memory means (22) only if the received keycode 
matches the first keycode, the zone definition data comprising one or more zone definition words (701 , 
704) each corresponding to a respective data zone (707) in a second region of the memory means, 
each zone definition word (701 . 704) specifying at least the starting address of the corresponding 

15 data zone (707) and the size of the corresponding data zone (707). and second means (20) within the 

card responsive to a second command, keycode data comprising one or more additional keycodes and 
an entered keycode received by the input/output means (24) for comparing the entered keycode with 
the first keycode and for writing the keycode data in a third region of the memory means only if the 
entered keycode matches the first keycode, and wherein each zone definition word (701. 704) 

20 further specifies that either no keycode or one or more of the first keycode and the additional keycode 
or keycodes are required to be received by the input/output means (24) in order to read data from the 
corresponding zone (707) and either no keycode or one or more of the first keycode and the additional 
keycode or keycodes are required to be received by the input/output means (24) in order to write data 
in the conresponding data zone (707), the system comprising: 

25 input means for receiving one of the cards at a time to be initialised and for coupling to the 

input/output means (24) of the card received thereby; 

initializer memory means for storing the first keycode, appropriate zone definition data and 
additional keycode or keycodes; 

first initializer means for writing the zone definition data stored in the initializer memory means to 

30 the first region of the memory means of the card received by the input means using the first command, 
and the first keycode stored in the Initializer memory means; and 

second initializer means for writing the additional keycode or keycodes stored in the initializer 
memory to the third region of the memory means of the card received by the input means using the 
second command, and the first keycode stored in the initializer memory means. 

35 

13. An IC information card initializer system (50) according to claim 12, wherein the first keycode, the zone 
definition data and the additional keycodes are stored in a master card (52) which is received by the 
input means before receiving the first one of the cards to be initialized and the system further 
comprises third initializer means for transferring the first keycode, the zone definition data and the 

40 additional keycode or keycodes from the master card to the initializer memory means. 

14. An IC information card initialization system (50) according to claim 12. wherein the system further 
comprises automatic feeder means for receiving a multiplicity of the cards to be initialized and for 
feeding the carcis one at a time to the input means and automatic receiving means for receiving a card 

45 after the zone definition data and the additional keycode or keycodes have been written into the 

memory means thereof. 

15. An IC information card initialization system (50) according to claim 12, wherein the card further includes 
third means (20) within the card responsive to a write command, a code specifying a selected one of 

50 the data zones in which data is to be written, data to be written in the selected zone and any entered 
keycode or keycodes received by the input/output means (24) for comparing any entered keycode or 
keycodes with any keycode or keycodes specified as being required to write data in the selected data 
zone (707) and for writing the received data in the selected data zone (707) if the entered keycode or 
keycodes match the keycode or keycodes specified as being required to write data in the selected data 

55 zone or if no keycode is specified as being required to write data in the selected data zone (707), and 
second memory means (19) for storing a file identification code, and wherein the system further 
comprises: 

means for reading the second memory means (19) for obtaining the file identification code of a 
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card received by the input means; 

mass storage means (16) for storing a multiplicity of data files each associated with a respective 
file identification number, each data file having a plurality of data segments corresponding to respective 
data zones (707) of a card (10) as defined by the zone definition data (701, 704) written into the card 
s 1 0 by the first initializer means; 

third initializer means responsive to the file identification code obtained by the means for reading 
the second memory means (19) for searching the data files in the mass storage means (16) for the data 
file associated with that file identification code; and 

fourth initializer means for writing the segments of the associated data file into corresponding data 
10 zones (707) of memory means (22) of the card (10) received by the input means usin^The write 

command and appropriate keycode or keycodes, if any, required for writing data in each corresponding 
data zone (707). 

16. An IC information card initialization system (50) according to claim 15 wherein the second memory 
15 means (19) of the card (10) is a magnetic stripe on the card and the means for reading the second 

memory means is a magnetic stripe reader. 

17. In an IC information card 10 containing a non-volatile memory means 22 having a multiplicity of 
addressable bit storage locations, a method for segmenting a data storage region of the memory 

20 ^ means 22 into a plurality of data zones (707) each having assignable attributes including an assignable 
security access level, the method comprising the steps of: 

defining first, second and third regions in the memory means (22). the third region being the data 
storage region; 

requiring the entry in the card (10) of at least a first keycode for writing in the first and second 
25 regions of the memory means (22); 

writing one or more keycodes in the first region of the memory means by entering the first keycode 
and any additional required keycodes; and 

writing zone definition data in the second region of the memory means (22) by entering the first 
keycode and any additional keycodes, the zone definition data comprising one or more zone definition 
30 words (701, .... 704) each corresponding to a respective data zone (707) in the third region of the 

memory means (22), each zone definition word specifying at least the starting address of the 
corresponding zone (707), the size of the corresponding zone (707) and whether no keycode or one or 
more of the first keycode and the keycode or keycodes in the first region are required to be entered in 
the card (10) to read data in the corresponding data zone (707) and whether no keycode or one or 
35 more of the first keycode and the keycode or keycodes in the first region are required to be entered in 

the card (10) to write data in the corresponding zone (707), 

18. The method according to claim 17 wherein data Is stored in each data zone (707) as successively 
located data records (722, .... 727) and each zone definition word (701, 704) further specifies the 

40 maximum number of data records that can be stored in the corresponding zone (707), the length of the 

data in each data record (722, .... 727) in the corresponding zone (707) and a zone allocation area (721) 
in the memory means (22) for storing data indicative of the location of the next data record (722. 
727) to be stored in the corresponding zone (707). 

45 19- In an IC information card (10) containing a non-volatile memory means (22) having one or more data 
zones (707) each requiring the entry in card (10) of a respective keycode or combination of keycodes 
for reading data in the data zone (707) and a respective keycode or combination of keycodes for writing 
data in the data zone (707). a method for preventing the dissemination of knowledge of the respective 
keycode or keycodes required for reading or writing in the data zones (707) of the card (10) comprising 

50 the steps of: 

storing the respective keycode or keycodes required for reading or writing in the data zones (707) 
of the memory means (22) of the card (10) in a separate control card (52); and 

transferring by two card reader/writer means (14) any required keycode or keycodes from the 
control card (52) to the card (10) when reading or writing of a selected one of the data zones (707) in 
55 the memory means (22) of the card (10) is to be carried out. 
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PatentansprUche 

1. IC-lnformations-Karte mit: 

einer Eingabe/Ausgabe-Einrichtung (24) in der Karte. urn Wenigstens Daten, Befehle und Tastenschlus- 
5 set zu empfangen und um wenigstens Daten t>ereitzustellen: 

einer nicht-flUchtigen Lese/Schreit>-Speicher-Einrichtung (22) in der Karte (10). wobei die Speicherein- 
richtung eine Vielzahl von adressiertjaren Bit-Speicherstellen hat; 

einer ersten Einrichtung (20) in der Karte, die auf einen ersten Befehl. Zonendefinitionsdaten und einen 
von der Eingabe/Ausgabe-Einrichtung (24) eingegebenen TastenschlUssel reagiert. um de n e ingegebe- 

10 nen TastenschlUssel mit einem erst in der Karte gespeicherten TastenschlOssel zu vergleichen, und 
zum Schreiben der Zonendefinitionsdaten in einen ersten Bereich der Speichereinrichtung (22), falls 
der empfangene TastenschlOssel mit dem ersten TastenschlOssel Ut>ereinstimmt. wobei die Zonendefi- 
nitionsdaten ein Oder mehrere Zonendefinitionsworte (701, ... . 704) aufweisen, wobei jedes einer 
jeweiligen Datenzone (707) in einem zweiten Bereich der Speichereinrichtung entspricht, und jedes 

75 Zonendefinitionswort wenigstens die Anfangsadresse der zugehdrigen Datenzone und der GroBe der 

zugehdrigen Datenzone spezifiziert. 

2. IC-lnformations-Karte (10) nach Anspruch 1. 

bei der die Karte desweiteren eine zweite Einrichtung (20) in der Karte aufweist, die auf einen zweiten 
20 Befehl, TastenschlOsseldaten, die wenigstens ein oder mehrere TastenschlOssel aufweisen und einen 

durch die Eingabe/Ausgabe-Einrichtung (24) empfangenen eingegebenen TastenschlOssel reagiert, um 
den eingegebenen TastenschlOssel mit dem ersten TastenschlOssel zu vergleichen, und zum Schreiben 
der TastenschlOsseldaten in einen dritten Bereich der Speichereinrichtung. falls der eingegebene 
TastenschlOssel mit dem ersten TastenschlOssel Obereinstimmt, und wobei jedes Zonendefinitionswort 
25 desweiteren entweder keinen TastenschlOssel Oder einen oder mehrere des ersten TastenschlOssels 
und den oder die zusStzlichen TastenschlOssel als zum Empfang durch die Eingabe/Ausgabe-Einrich- 
tung (24) erforderlich spezifiziert, um Daten von der jeweiligen Zone zu lesen und entweder kein 
TastenschlOssel oder einer oder mehrere der ersten TastenschlOssel und der oder die zusatzlichen 
TastenschlOssel als zum Empfangen durch die Eingabe/Ausgabe-Einrichtung (24) als erforderiich 
30 spezifiziert um Daten in die zugehorige Datenzone zu schreit>en. 

3. IC-lnformations-Karte (10) nach Anspruch 2, 

bei der die Karte desweiteren eine dritte Einrichtung (20) in der Karte aufweist, die von der Einga- 
be/Ausgabe-Einrichtung (24) einen Lesebefehl, einen eine bestimmte der Datenzonen. (707) von der 

35 Daten zu lesen sind. spezifizierenden Code und jeglichen eingegebenen TastenschlOssel oder eingege- 

benen TastenschlOssel empfangen. um jeglichen eingeget>enen TastenschlOssel oder eingegebene 
TastenschlOssel mit einem TastenschlUssel oder TastenschlOsseln zu vergleichen, die als erforderlich 
spezifiziert sind. um dann in der bestimmten Datenzone (707) zu lesen und zum Bereitstellen von 
Daten von der bestimmten Zone an der Eingabe/Ausgabe-Einrichtung (24) falls der eingegebene 

40 TastenschlOssel Oder die eingegebenen TastenschlOssel mit dem TastenschlOssel oder den Tasten- 
schlOsseln Qbereinstimmen, die als erforderlich spezifiziert worden sind, um Daten von der bestimmten 
Datenzone (707) zu lesen. oder falls kein TastenschlOssel als erforderlich spezifiziert worden ist, um 
Daten von der bestimmten Datenzone (707) zu lesen, und wobei die Karte desweiteren eine vierte 
Bnnchtung (20) in der Karte aufweist. die auf einen Schreibt>efehl, einen eine t>estimmte der Datenzo- 

45 nen (707), in die Daten einzuschreit>en sind, spezifizierenden Code, in die ausgewahlte Zone einzu- 

schreit^ende Daten und jeglichen TastenschlOssel oder TastenschlUssel reagiert, um jeglichen eingege- 
benen TastenschlUssel oder TastenschlUssel mit einem TastenschlOssel oder TastenschlOsseln zu 
vergleichen. die als erforderlich spezifiziert worden sind. um Daten in die ausgewahlte Datenzone (707) 
zu schreiben und zum Schreiben der empfangenen Daten in die ausgewahlte Datenzone (707). falls der 

50 eingegebene TastenschlOssel oder die TastenschlOssel mit dem TastenschlUssel oder den Tasten- 
schlOsseln Obereinstimmen. die als erforderiich spezifiziert worden sind. um dann in die ausgewahlte 
Datenzone (707) zu schreiben. oder falls kein TastenschlOssel als erforderiich spezifiziert worden ist, 
um Daten in die ausgewahlte Datenzone (707) zu schreiben. 

55 4. Eine IC-lnformationskarte (10) nach Anspruch 3. 

bei der Daten in jeder Zone (707) als aufeinanderfolgend angeordnete Datensatze (722. .... 727) 
gespeichert werden und jedes Zonendefinitionswort (701. 704) desweiteren die maximale Anzah\ der 
Datensatze, die in der zugehorigen Zone gespeichert werden konnen, die Langen der Daten in jedem 
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Datensatz in der zugehdrigen Zone und einen Zonenzuordnungsbereich (721) in der Speichereinrich- 
tung (22), zum Abspeichern von Daten am Ort des nachsten in der zugehorigen Zone (707) zu 
speichemden Datensatzes anzeigt, spezifiziert. 

IC-lnformationskarte (10) nach Anspruch 4. 

bei der der Zonenzuordnungsbereich (721) in der zugehorigen Zone (707) angeordnet ist und eine 
mehrere aufeinanderfolgende geordnete Bit-Positionen enthalt, die jeweils mit einer zugehdrigen 
Datensatzposition in der Zone verknOpft sind, wobei jede Bit-Position des Zonenzuordnungsbereiches 
(721) einen ersten Oder einen zweiten binSren Zustand aufweist, der davon abhangt ob oder ob nicht 
die Datensatzposition die mit dieser Bit-Position verknOpft ist. jeweils einen Datensatz enthalt, und bei 
der die vierte Bnrichtung (20) desweiteren auf den Inhatt des Zonenzuordnungsbereiches (721) der 
ausgewShlten Zone (707) reagiert. urn einen Datensatz (722. .... 727) in der ausgewShlten Zone in 
dieser Datensatzposition zu schreit>en, die mit der niederwertigsten Bit-Position des Zonenzuordnungs- 
bereiches (721 ) verknOpft ist, die den zweiten binaren Zustand enthalt, und zum Schreiben eines ersten 
binaren Zustandes in diese niederwertigste Bit-Position, die den zweiten binaren Zustand enthalt. 

IC-lnfonnationskarte (10) nach Anspruch 4. 

bei der Jeder Datensatz (722. .... 727), der in einer Datenzone (707) gespeichert ist ein PrOfsummen- 
Byte und ein zweites Zustands-Byte aufweist. das die Gultigkeit der Daten in dem Datensatz (722, .... 
727) anzeigt. 

IC-lnfomaationskarte (10) nach Anspruch 4, 

bei der jedes Zonendefinitionswort (701. 704) desweiteren spezifiziert. pb die der Eingabe/Ausgabe- 
Einrichtung (24) durch die dritte Einrichtung (20) t>ereitgestellten Daten in Antwort auf einen Leset>efehl 
und einen von der zugehorigen Zone (707) zu lesenden Daten spezifizierenden Code nur der letzte 
Datensatz ist. der in die zugehorige Zone (707) oder alle Datensatze (722. .... 727) ist, die in der 
zugehorigen Zone (707) in der Reihenfolge gespeichert sind, in der diese DatensStze (722, ... 727) in 
die zugehorige Zone (707) geschrieben sind. 

IC-lnformationskarte (10) nach Anspruch 3, 

bei der der dritte Bereich der Speichereinrichtung (22) desweiteren eine Vielzahl von aufeinanderfol- 
gend geordneten Sperrzustandsworten enthalt. die ein erstes und ein letztes Sperrzustandswort 
umfassen, wobei jedes Sperrzustandswort eine vort>estimmte Anzahl von aufeinanderfolgend geordne- 
ten Bit-Positionen aufweist, die eine erste und eine letzte Bit-Position umfassen. wobei jede Bit-Position 
jedes Sperrzustandswortes ursprOnglich in einem zweiten binaren Zustand ist, und wobei die Karte 
desweiten erne fUnfte Einrichtung (20) in der Karte aufweist, die auf eine nicht zustandegekommene 
Ubereinstimmung eines eingegebenen TastenschlQssels mit einem in der Karte gespeicherten Tasten- 
schlOssel als Ergebnis eines TastenschlOsselvergleichs reagiert, der durch die erste (20). zweite (20), 
dritte (20) oder vierte (20) Einrichtung ausgefOhrten Vergleiches wurde, urn einen ersten binaren 
Zustand in die niederwertigste Bit-Position zu schreiben, die in dem zweiten binaren Zustand des 
niederwertigsten Verriegelungszustandswortes ist, in der die hochstwertige Bit-Position in dem zweiten 
binaren Zustand ist, wobei die fOnfte Einrichtung (20) auf eine Obereinstimmung eines eingegebenen 
TastenschlQssels mit einem in der Karte gespeicherten TastenschlQssel reagiert, die direkt nach einem 
Fehlschlagen einer Obereinstimmung eines eingegebenen TastenschlQssels mit einem in der Karte 
gespeichertem TastenschlQssel als ein Ergebnis eines Vergleiches der durch die erste (20), zweite 
(20), dritte (20) oder vierte (20) Einrichtung ausgefOhrt wird, um einen ersten binaren Zustand in die 
hochstwertige Bit-Position des Sperrzustandswortes zu schreiben, in die ein erster binarer Zustand 
durch die fOnfte Einrichtung geschrieben worden ist. als Antwort auf das direkt vortiergegangene 
Fehlschlagen einer Ubereinstimmung eines eingegebenen TastenschlQssels mit einem in der Karte 
gespeicherten TastenschtOssel, und dafi die Karte (10) desweiteren eine sechste Einrichtung (20) in der 
Karte aufweist, die auf ein Verriegelungszustandswort. bei dem alle auBer seiner hochstwertigen Bit- 
Position in dem ersten binSren Zustand sind, um die Karte in einen verriegelten Zustand zu bringen. in 
dem wenigstens ein Lese- und Schreibzugriff zu den ersten und zweiten Bereichen der Speicherein- 
richtung (22) verhindert sind. und eine siebte Bnrichtung (20) in der Karte vorgesehen ist. die auf einen 
Entriegelungsbefehl und einen oder mehrere eingegebene TastenschlQssel zum Vergleich des eingege- 
benen Tastenschlussels oder der TastenschlQssel mit einem vorausgewahlten TastenschlQssel oder 
TastenschlQsseIn, die in der Karte (10) gespeichert sind, und zum Schreiben eines binaren Zustands in 
der hochstwertigen Bit-Position des Sperrzustandswortes. bei dem samtliche auBer der hochstwertigen 
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Bit-Position in dem ersten binaren Zustand sind, um die Karte aus ihrem gesperrten Zustand 
freizugeben. falls der eingeget>en6 TastenschlQssel Oder die TastenschlQssel mit einem vorausgewahl- 
ten TastenschlUssel Oder vorausgewahlten Tastenschiussein Qbereinstimnnen. 

9. IC-lnformationskart 10 nach Anspruch 8. 

bei der die ersten (20), zweiten (20), dritten (20), vierten (20). fOnften (20), sechsten (20) und siebten 
(20) Einrichtungen in einem geeignet programmierten Mikroprozessor (20) vorgesehen sind, der 
betriebsmSfiig mit der Bngabe/Ausgabe-Einrichtung (24) verknOpft ist und die Speichereinrichtung (22) 
einen programmierbaren Nur-Lese-Speicher aufweist. der betriebsmSBig mit dem Mikcpprozessor 
verbunden ist. 

10. IC-lnformationskartensystem mit: 

einer ersten (52) und zweiten (10) IC-lnfomr>ationskarte. von denen jede folgendes aufweist: 

a) eine Bngabe/Ausgabe-Einrichtung (24) in der Karte, um wenigstens Daten. Befehle und Tasten- 
schlGssel zu empfangen und wengistens Oaten bereitzustellen, 

b) eine Einrichtung zum Speichern eines ersten Tastenschlussels, 

c) eine nicht-flOchtige Speichereinrichtung (22) in der Karte (10). die einen ersten Bereich hat. um 
einen Oder mehrere TastenschlUssel zu speichern und einen zweiten Bereich. der in eine Vielzahl 
von Datenzonen (701, .... 704) unterteilt ist. wobei jede der Datenzonen (707) definiert ist. um 
entweder keinen TastenschlOssel oder einen oder mehrere spezifizierte des ersten TastenschlOssel 
zu bendtjgen. und der TastenschlOssel oder die TastenschlQssel in dem ersten Bereich gespeichert 
sind, um in die Karte eingegeben zu werden. um Daten in dieser Oatenzone (707) zu lesen, und um 
entweder keinen TastenschlOssel oder einen oder mehrere spezifizierte der ersten Tastenschtussel 
zu benotigen und der TastenschlOssel oder die TastenschlUssel in dem ersten Bereich gespeichert 
sind, um die Karte eingegeben zu werden, um Daten in dieser Datenzone (707) einzuschreiben, 

d) eine erste Einrichtung (20) in der Karte, die auf die einen Lesebefehl empfangende Einga- 
be/Ausgabe-Einrichtung (24) reagiert. ein Code eine bestimmte der Datenzonen (707) spezifiziert. in 
der Daten und jeglicher eingeget>ene TastenschlQssel oder TastenschlQssel zu lesen sind, um 
jeglichen eingegebenen TastenschlOssel oder TastenschlUssel mit einem TastenschlUssel oder 
TastenschlUssel zu vergleichen, die als erforderlich spezifiziert sind, um Daten in der fc>estimmten 
Datenzone (707) zu lesen. und um Daten von der bestimmten Zone (707) an die Bngabe/Ausgabe- 
Einrichtung (24) bereitzustellen. falls der eingegebene TastenschlUssel oder die TastenschlQssel mit 
dem TastenschlQssel oder den Tastenschiussein Ubereinstimmen, die als erforderlich spezifiziert 
sind, um Oaten in der bestimmten Datenzone (707) zu lesen, oder falls kein TastenschlUssel als 
erforderlich spezifiziert ist, um Daten von der bestimmten Oatenzone zu lesen und 

e) eine zweite Bnrichtung (20) in der Karte. die auf die einen Schreibbefehl empfangende Einga- 
be/Ausgabe-Einrichtung (24) reagiert. einen Code, der eine ausgewahlte der Datenzonen (707) 
spezifiziert. in die Daten einzuschreiben sind. in die ausgewahlte Zone (707) einzuschreit»ende Daten 
und jegliche eingegebene TastenschlOssel oder TastenschlQssel zum Vergleichen jegliches eingege- 
benen Tastenschlussels oder Tastenschiussein mit jeglichem TastenschlUssel oder Tastenschius- 
sein, die als erforderlich spezifiziert sind, um Daten in die ausgewahlte Oatenzone (707) zu 
schreiben, und um die empfangenen Oaten in die ausgewahlte Zone (707) zu schreiben, falls der 
eingegebene TastenschlOssel oder die TastenschlUssel mit dem TastenschlUssel oder den Tasten- 
schiussein Ubereinstimmen. die als erforderlich spezifiert sind. um Daten in die ausgewahlte 
Oatenzone (707) einzuschreiben, oder falls kein TastenschlUssel als erforderlich spezifiziert ist, um 
Daten in die ausgewShlte Zone (707) zu schreiben. wobei die Speichereinrichtung der ersten Karte 
(52) eine oder mehrere Datenzonen (707) aufweist. von denen jede eine entsprechende oder eine 
Kombination des ersten TastenschlUssel und des TastenschlUssel oder der TastenschlUssel spei- 
chert. die in dem ersten Bereich der Speichereinrichtung (22) der zweiten Karte (10) gespeichert 
sind; urnd 

eine IC-Karten-Leser/Schreib-Bnrichtung (14) mit: 

a) einem ersten (914) und einem zweiten (915) EinlaB zum Aufnehmen der ersten (52) und 
zweiten (10) Karten. zur jeweiligen Kopplung an die Bngabe/Ausgabe-Einrichtung (24). 

b) einer Kopplungseinrichtung zum Empfangen von wengistens Befehlen. Daten und Tasten- 
schiussein und zum Bereitstellen von wenigsten Daten (909), 

c) einer Leser/Schreib-Speichereinrichtung (906). 

d) einer ersten Einrichtung (908), die auf die Kopplungseinrichtung (909) reagiert, die einen Befehl 
zum Lesen der zweiten Karte (10) empfangt, einen Code, der eine bestimmte Zone (707) in der 
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zweiten Kart© (10) spezifiert, in der Daten zu lesen sind und jegliche der TastenschlUssel oder 
TastenschlUssel in die erste Karte (52) einzugeben sind, urn der Eingabe/Ausgabe-Einrichtung 
(24) der ersten Karte (52) einen oder mehrere Befehle zusammen mit einem Code Oder Codes 
bereitzustellen. die die Datenzone Oder Zonen (707) der Speichereinrichtung (22) der ersten Karte 
(52) spezifieren. wobei der TastenschlOssel Oder die TastenschlUssel, die notwendig sind. um in 
der bestimmten Zone (707) der zweiten Karte (10) Daten zu lesen. gespeichert sind und jeglicher 
TastenschlUssel Oder TastenschlUssel durch die Kopplungseinrichtung (909) empfangen werden, 
um einen derartigen benotigten TastenschlOssel oder TastenschlUssel an die Leser-ZSchreibspei- 
cher-Einrichtung (906) zu Ubertragen. falls der TastenschlOssel oder die TastenschlUssel, die von 
der Kopplungseinrichtung (909) empfangen werden mit einem entsprechenden TastenschlUssel 
Oder TastenschlOsseIn Otjereinstimmen, die erfordertich sind. um eine oder mehrere Datenzonen 
(707) der Speichereinrichtung (22) der ersten Karte (52) zu lesen. oder falls keine TastenschlUssel 
erfordertich sind um derartige Datenzonen (707) zu lesen, zum Bereitstellen eines Lesebefehles 
an die Bngabe/Ausgabe-Einrichtung (24) der zweiten Karte (10). ein Code, der die bestimmte 
Datenzone (707) und den TastenschlUssel oder die TastenschlUssel zum Lesen von Daten in der 
bestimmten Zone (707) spezifiziert, die von der Speichereinrichtung (22) der ersten Karte (52) an 
die Leser-ZSchreibspeicher-Einrichtung (906) Obertragen werden und zum Obertragen jeglicher 
Daten, die durch die Eingabe/Ausgabe-Einrichtung (24) der zweiten Karte (10) an die Leser- 
/Schreibspeicher-Einrichtung (906) l>ereitgestent werden. und 

e) eine zweite Bnrichtung (908), die auf die einen Befehl zu der zweiten Karte (10) zu schreiben 
empfangende Kopplungseinrichtung (909) reagiert, ein Code, der eine ausgewahlte Zone (707) in 
der zweiten Karte (10) festlegt. in die Daten einzuschreiben sind, in die ausgewahlte Zone (707) 
einzuschreibende Daten, und jeglicher in die erste Karte (52) einzugebende TastenschlUssel oder 
einzugebende TastenschlUssel, um die Eingabe/Ausgabe-Einrichtung (24) der ersten Karte mit 
einem oder mehreren Befehlen zusammen mit einem Code oder Codes zu versorgen, die die 
Datenzone oder Zonen (707) der Speichereinrichtung (22) der ersten Karte (52) spezifizieren, 
wobei der TastenschlOssel die TastenschlOssel. die benotigt werden, um Daten in die ausgewShi- 
te Zone (707) der zweiten Karte (10) zu schreiberi. gespeichert werden und jeglicher Tasten- 
schlUssel Oder TastenschlOssel, die durch die Kopplungseinrichtung (909) empfangen werden. um 
einen derartigen benotigten TastenschlOssel oder TastenschlUssel an die Leser-ZSchreibspeicher- 
Einrichtung (906) weiterzuleiten. falls der TastenschlUssel oder die TastenschlUssel. die von der 
Kopplungseinrichtung (909) empfangen werden, mit dem entsprechenden TastenschlUssel oder 
TastenschlOsseIn Ubereinstimmen, die erforderlich sind, um eine oder mehrere Datenzonen (707) 
der Speichereinrichtung (22) der ersten Karte (52) zu lesen. oder falls keine TastenschlUssel 
erforderiich sind, um derartige Datenzonen (707) zu lesen, und um der Eingabe/Ausgabe- 
Einrichtung (24) der zweiten Karte (10) den Schreibbefehl. einen Code, der die ausgewahlte Zone 
(707) spezifiziert, die in die ausgewahlte Zone (707) zu schreibenden Daten und den Tasten- 
schlUssel Oder die TastenschlUssel, um Daten in die ausgewahlte Zone (707) zu schreiben 
bereitzustellen, die von der Speichereinrichtung (22) der ersten Karte (52) zu dem Leser- 
/Schreibspeicher (906) Obertragen werden. 

11. IC-lnfonmationskartensystem nach Anspruch 10, 

bei dem die Speichereinrichtung (22) der ersten Karte (52) eine erste Datenzone (705) aufweist, die 
einen Identrfizierungscode fUr die Karte (10) enthSrt, und bei der die Leser-/Schreibeinrichtung (14) 
desweiteren eine dritte Bnrichtung (908) aufweist, um die erste Zone (705) der Speichereinrichtung (22) 
der ersten Karte (52) zu lesen, nach einem anfanglichen Koppein der ersten Karte (52) an die Leser- 
ZSchreibeinrichtung (14) und einem Obertragen des Identifizierungscode darin zu der Leser-/Schreit>- 
speichereinrichtung (906), und um die erste Zone (705) der Speichereinrichtung (22) der ersten Karte 
(52) jedesmal zu lesen. wenn die Kopplungseinrichtung (909) einen Befehl erhalt. die zweite Karte (10) 
zu lesen oder einen Befehl in die zweite Karte (10) zu schreiben und den darin gelesenen Inhalt mit 
dem Identifikationscode zu vergleichen. der in der Leser-ZSchretbspeichereinrichtung (906) gespeichert 
ist, wobei die dritte Einrichtung (908) wenigstens ein Lesen und ein Schreiben der Speichereinrichtung 
(22) der zweiten Karte (10) verhindert. falls der Inhalt der ersten Datenzone (705) der Speichereinrich- 
tung (22) der ersten Karte nicht mit dem Identifikationscode Obereinstimmt. der in der Leser-ZSchreib- 
speichereinrichtung (906) gespeichert ist. 

12. Initialisierungssystem (50) fUr IC-Informationskarten. die jeweils eine erste Einrichtung (20) in der Karte 
aufweisen, die auf einen ersten Befehl. Zonendefinitionsdaten und einen von der Eingat^Ausgabe- 
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Bnrichtung (24) empfangenen eingegebenen Tastenschlussel reagiert. um den eingegebenen Tasten- 
schlUsset mil einem ersten TastenschtUssel zu vergleichen. der in der Karte gespeichert ist. um die 
Zonendefinitionsdaten in einem ersten Bereich der Speichereinrtchtung (22) nur dann einzuschrerben, 
falls der empfangene TastenschlOssel mit dem ersten TastenschlUssel ubereinstimmt, wobei die 
Zonendefinitionsdaten eine Oder mehrere Zonendefinitionsworte (701, 704) aufweisen, von denen 
jedes einer jeweiiigen Oatenzone in einem zweiten Bereich der Speichereinrichtung entspricht. wobei 
jedes Zonendefinitionswort (701 , 704) wenigstens die Anfangsadresse der zugefiorigen Datenzone 
(707) und die GrdBe der zugehorigen Datenzone (707) speztfiziert, und eine zweite Einrichtung (20) in 
der Karte auf einen zweiten Befeht reagiert TastenschlUsseldaten einen oder mehrere j^jStStzliche 
TastenschlUssel und einen eingegebenen TastenschlUssel aufweisen, der von der Bngabe/Ausgabe- 
Bnrichtung (24) zum Vergleichen des eingegebenen TastenschlUssels mil dem ersten TastenschlUssel 
und zum Schreiben der TastenschlUsseldaten in einen dritten Datenbereich der Speichereinrichtung nur 
dann, wenn der eingegebene TastenschlUssel mit dem ersten TastenschlUssel Ubereinstimmt. und 
wobei jedes Zonendefinitionswort (701. 704) desweiteren festlegt, dafi entweder kein TastenschlUs- 
sel Oder einer oder mehrere der ersten Tastenschlussel und der zusatzliche Tastenschlussel oder die 
zusatzlichen TastenschlUssel notwendig sind, um von der Eingabe/Ausgabe- Einrichtung (24) empfan- 
gen zu werden, um Oaten von der zugehorigen Zone (707) zu lesen und entweder kein TastenschlOssel 
Oder einer oder mehrere der ersten TastenschlUssel und der zusatzliche TastenschlUssel Oder die 
zusatzlichen TastenschlUssel von der Eingabe/Ausgabe-Elnrichtung (24) empfangen werden mUssen, 
um Daten in die entsprechende Datenzone (707) zu schreiben, wobei das System folgendes aufweist: 
eine Eingabe-Einrichtung zum Aufnehmen jeweils einer Karte zu einem Zeitpunkt. um initialisiert zu 
werden und zum Koppein der Eingabe/Ausgabe-Einrichtung (24) der dabei aufgenommenen Karte; 
eine Initialisierungsspeichereinrichtung zum Speichern des ersten TastenschlUssels, geeigneter Zonen- 
definitionsdaten und eines zusatzlichen TastenschlUssels oder zusatzlicher TastenschlUssel; 
einer ersten Initialisierungseinrichtung zum Schreiben der Zonendefinitionsdaten, die in der Initialisle- 
rungsspeichereinrichtung gespeichert sind. in den ersten Bereich der Speichereinrichtung der Karte, die 
durch die Eingabeeinrichtung aufgenommen ist. unter Verwendung des ersten Befehles urKi des ersten 
TastenschlUssels, der in der Intialisierungsspeichereinrichtung gespeichert ist; und 
eine zweite Initialisierungseinrichtung zum Schreiben des zusatzlichen TastenschlUssels oder zusatzli- 
cher TastenschlUssel, die in dem Initialisierungsspeicher gespeichert sind, in den dritten Bereich der 
Speichereinrichtung der Karte. die von der Eingabe-Einrichtung aufgenommen ist, unter Verwendung 
des 2welten Befehles und des ersten Tastenschlussel, der in der Initialisierungsspeichereinrichtung 
gespeichert ist. 

13. IC-lnformationskarteninrtialtsiertungssystem (50) nach Anspruch 12, bei dem ein erster TastenschlUssel. 
die Zonendefinitionsdaten und die zusatzlichen Tastenschlussel in einer Hauptkarte (52) gespeichert 
sind, die in der Aufnahmeeinrichtung aufgenommen ist, bevor die erste der zu initialisierenden Karten 
aufgenommen ist, und das System desweiteren eine dritte Initialisierungseinrichtung aufweist, um den 
ersten Tastenschlussel, die Zonendefinitionsdaten und den zusatzlichen oder die zusatzlichen Tasten- 
schlUssel von der Kauptkarte in die Initialisierungsspeichereinrichtung zu Obertragen. 

14. IC-lnformationskarteninitialisioningsysystem (50) nach Anspruch 12, t>ei der das System desweiteren 
eine automatische Zufuhreinrichtung aufweist, um eine VIelzahl der zu initialisierenden Karten aufzuneh- 
men und um die Karten eine nach der anderen der Aufnahmeeinrichtung zuzufuhren und eine 
automatischen Empfangseinrichtung, um eine Karte zu empfangen, nachdem die Zonendefinitionsdaten 
und der zusatzliche oder die zusatzlichen Tastenschlussel in ihre Speichereinrichtung geschrieben 
worden sind. 

15. IC-lnformationskarteninitialisierungsysystem (50) nach Anspruch 12, bei der die Karte desweiteren eine 
dritte Einrichtung (20) in der Karte aufweist, die auf einen Schreibbefehl reagiert. einen Code, der eine 
ausgewahlte der Datenzonen in die Daten einzuschreiben sind spezifiziert in die ausgewahlte Zone 
einzuschreibende Daten und ieglichen eingeget>enen TastenschlUssel oder TastenschlUssel. die von 
der Eingabe/Ausgabe-Einrichtung (24) empfangen worden sind, um jeglichen eingegebenen Tasten- 
schlUssel Oder TastenschlOssel mit einem Tastenschlussel oder TastenschlUssel, die als erforderiich 
speztfiziert worden sind, um Daten in die ausgewahlte Datenzone (707) zuschreiben, zu vergleichen 
und um die empfangenen Daten in die ausgewahlte Datenzone (707) einzuschreiben, falls der 
eingegebene TastenschlUssel oder die Tastenschlussel mit dem Tastenschlussel oder den Tasten- 
schlussetn Ubereinstimmen, die als erforderiich spezifiziert worden sind. um Daten in die ausgewahlte 
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Datenzone einzuschreiben. oder falls kein Tastenschlussel als erforderlich spezifiziert worden ist. um 
Oaten in die ausgewahrte Datenzone (707) zu schreiben. und eine zweite Speichereinrichtung (19), um 
einen Datei-ldentifizierungscode zu speichern. und wobei das Systenn desweiteren umfaBt: 
eine Einrichtung zum Lesen der zweiten Speichereinrichtung (19), um den Datei-ldentitikationscode 
einer von der Aufnahmeeinrichtung aufgenommenen Karte zu erhalten; 

eine Massenspeichereinrichtung (16). um eine Vielzahl von Daten-Dateien zu speichern, die jeweils mit 
einer entsprechenden Datei-ldentifikationsnummer verknOpft sind. wobei jede Daten-Datei eine Vielzahl 
von Datensegmenten hat. die entsprechenden Datenzonen (707) einer Karte (10) entsprechen, wie sie 
durch die Zonendefinitionsdaten (701. .... 704). die in die Karte (10) durch die ersten Initialisierungsein- 
richtung eingeschrieben sind, definiert sind; 

eine dritte Initialisierungseinrichtung. die auf den Oateienidentifikationscode reagiert, der von der 
Leseeinrichtung der zweiten Speichereinrichtung (19) erhalten worden ist, um die Daten-Dateien in der 
Massenspeichereinrichtung (16) fUr die Daten-Dateien mit dem Datei-ldentifikationscode zu durchsu- 
chen; und 

eine vierte Initialisierungseinrichtung, um die Segmente der zugehorigen Daten-Dateien in entsprechen- 
de Datenzonen (707) der Speichereinrichtung (22) der Karte (10) zu schreiben. die in der Aufnahmeein- 
richtung aufgenommen ist. unter Venwendung des Schreibbefehls und einem entsprechenden Tasten- 
schlOssel Oder TastenschlUssel, falls diese erforderiich sind. um Daten in jede zugehSrige Datenzone 
(707) zu schreiben. 

16. IC-lnfomiationskarteninitialisierungssystem (50) nach Anspruch 15, bei der die zweite Speichereinrich- 
tung (19) der Karte (10) ein Magnetstreifen auf der Karte und die Einrichtung zum Lesen der zweiten 
Speichereinrichtung ein Magnetstreifenleser ist. 

17, In einer IC-lnformationskarte (10). die eine nicht-flUchtige Speichereinrichtung (22) aufweist, die eine 
Vielzahl von adressierbaren Bit-Speicherstellen hat, ein Verfahren zu Segmentierung eines Datenspei- 
cherbereiches der Speichereinrichtung (22) in eine Vielzahl von Datenzone (707), wobei jede zuweisba- 
re Attribute, inklusive einer zuweisbaren Sicherheitszugriffsebene untfaBt, wobei das Verfahren dfe 
folgenden Schritte umfaBt: 

Definieren erster, zweiter und dritter Bereiche in der Speichereinrichtung (22), wobei der dritte Bereich 
der Datenspeicherbereich ist; 

Benotigen der Eingabe in die Karte (10) wenigstens eines ersten Tastenschlussels, um in den ersten 
Oder in den zweiten Bereich der Speichereinrichtung (22) zu schreiben; 

Schreiben wenigstens eines oder mehrerer Tastenschlussel in den ersten Bereich der Speichereinrich- 
tung durch Eingeben des ersten TastenschlUssels und jegiicher zusatzlich erforderiichen TastenschlQs- 
sel; und 

Schreiben von Zonendefinitionsdaten in den zweiten Bereich der Speichereinrichtung (22) durch 
Eingeben des ersten TastenschlUssel und jegiicher zusatzlicher TastenschlUssel, wobei die Zonendefi- 
nitionsdaten ein Oder mehrere Zonendefinitionsworte (701, .... 704) aufweisen, von denen jedes einer 
entsprechenden Datenzone (707) in dem dritten Bereich der Speichereinrichtung (22) entspricht, wobei 
jedes Zonendefinitionswort wenigstens die Anfangsadresse der entsprechenden Zone (707). die Grofle 
der entsprechenden Zone (707). und ob kein TastenschtOssel oder ein oder mehrere des ersten 
TastenschlUssels und der TastenschlUssel oder die TastenschlUssel in dem ersten Bererch in die Karte 
(10) einzugeben notwendig sind. spezifiziert, um Daten in der entsprechenden Datenzone (707) zu 
lesen, und ob kein TastenschlQssel oder einer oder mehrere des ersten TastenschlUssels und der 
TastenschlUssel oder die TastenschlUssel in dem ersten Bereich in die Karte (10) einzugeben 
erforderiich sind, um Daten in die zugehorige Zone (707) zu schreiben. 

ia Vertahren nach Anspmch 17, bei dem Daten in jeder Datenzone (707) als aufeinanderfolgend angeord- 
nete Datensatze (722. 727) gespeichert sind, und jedes Zonendefinitionswort (701. .... 704) 
desweiteren die maximale Anzahl von Datensatzen. die in der zugehorigen Zone (707) gespeichert 
werden konnen, die LSnge der Daten in jedem Oatensatz (722, .... 727) in der zugehorigen Zone (707) 
und einen Zonenzuordnungsbereich (721) in der Speichereinrichtung (22) spezifiziert, um Daten zu 

speichem. die den Ort des nachsten Datensatzes (722 727) angeben, die in der zugehorigen Zone 

(707) gespeichert sind. 

19. In einer IC-lnformationskarte (10). die eine nichtfluchtige Speichereinrichtung (22) aufweist, die eine 
Oder mehrere Datenzonen (707) hat. von denen jede die Eingabe eines entsprechenden TastenschlOs- 
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sel Oder einer Kombination von TastenschlUsseIn erfordert. urn Oaten in der Oatenzone (707) zu lesen 
und einen entsprechenden TastenschlQssel oder eine Kombtnation von TastenschlUsseIn erfordert, um 
Oaten in die Oatenzone (707) zu schretben, ein Verfahren. um das Verbreiten des jeweiligen Tasten- 
schlussels Oder der TastenschlQssel, die erforderlich sind. um die Oatenzonen (707) der Karte zu lesen 
5 Oder zu beschreiben. zu vermeiden, mrt folgenden Schritten: 

Speichem des entsprechenden TastenschlUssels Oder der Tastenschlussel, die notwendig sind, um die 
Datenzonen (707) der Speichereinrichtung (22) der Karte (10) zu lesen oder zu beschreiben. in einer 
getrennten Steuerkarte (52); und 

Obertragen eines notwendigen TastenschlQssels oder TastenschlUssel aus der Steuerkarte^ |52) in die 
10 Karte (10) durch zwei Lese-/Schreib-Einrichtungen (14), indem eine ausgewahtte der Datenzonen (707) 

in der Speichereinrichtung (22) der Karte (10) gelesen oder beschrieben wird, auszufUhren ist. 

Revendlcations 

75 1. Une carte de support d'information sous forme de circuit integr^ (10). comprenant : 

des moyens d'entr^e/sortie (24) dans la carte, pour recevoir au moins des donn^es. des ordres et 
des codes et pour foumir au moins des donn^es ; 

des moyens de m6moire non volatile, fonctionnant en lecture/ Venture (22). incorpor^s dans la 
carte (10), ces moyens de m^moire ayant une multiplicity de positions d'enregistrement de bits 
20 adressables ; 

des premiers moyens (20) incorpor^s dans la carte, r^agissant a un premier ordre, ^ des donn^es 
de definition de zone et ^ un code introduit. qui sont reQus par les moyens d'entr^e/sortie (24), en 
comparant le code introduit avec un premier code enregistr^ dans la carte, et en ecrivant les donn^es 
de definition de zone dans une premiere region des moyens de m^moire (22) seulement si le code 
25 resu Concorde avec le premier code, les donnees de definition comprenant un ou plusieurs mots de 

definition de zone (701, .... 704), correspondant chacun h une zone de donndes respective (707) dans 
une seconde^ region des^.moyens de n>emoire. chaque mot de definition de zone specrfiant au moins 
radresse de ci^birt de la zone die donnees correspondante et la taille de cette zo^^ 

30 2. Une carte de support d*infonnr>ation circuit integre (10) selon la revendication 1, dans taquelle la carte 
comprend en outre des seconds moyens (20) incorpores dans ta carte, qui reagissent a un second 
ordre, a des donr^es de code comprenant un ou plusieurs codes supple mentaires et a un code 
introduit, qui sont regus par les moyens d*entree/sortie (24), en comparant le code introduit avec le 
premier code, et en ecrivant les donnees de code dans une troisieme region des moyens de memoire 

35 seulement si le code introduit Concorde avec le premier code et dans laquelle chaque mot de definition 

de zone definit en outre, soit aucun code soit un ou plusieurs codes parmi le premier code et le ou les 
codes de cle suppiementaires qui doivent etre regus par les moyens d'entree/sortie (24) pour lire des 
donnees dans la zone correspondante. et soit aucun code, soit un ou plusieurs codes parmi le premier 
code et le code ou les codes suppiementaires qui doivent etre regus par les moyens d' entree/sortie 

40 (24) pour ecrire des donnees dans la zone de donnees correspondante. 

3. Une ccirte de support d'information 2i circuit integre (10) selon la revendication 2, dans laquelle la carte 
comprend en outre des troisifemes moyens (20) incorpores dans la carte qui reagissent au fait que les 
moyens d'entree/sortie (24) regoivent un ordre de lecture, un code specifiant Tune particuli^re des 

45 zones de donnees (707) dans laquelle des donnees doivent etre lues, et un ou plusieurs codes 
introduits quelconques, en comparant un ou plusieurs codes introduits quelconques avec un ou 
plusieurs codes quelconques qui sont definies com me etant exiges pour lire des donnees dans la zone 
de donnees particuliere (707) et en fournissant des donnees aux moyens d'entree/sortie (24) a partir de 
la zone particuliere si le code ou les codes qui sont introduits concordent avec le code ou les codes 

50 qui sont definies comme etant exiges pour lire des donnees k partir de la zone de donnees particuliere 

(707), ou si aucun code n'est defini comme etant exige pour lire des donnees dans la zone de donnees 
particuliere (707), et dans laquelle la carte comprend en outre des quatriemes moyens (20) incorpores 
qui reagissent au fait que les moyens d'entree/sortie (24) regoivent un ordre d' ecriture. un code 
specifiant I'une des zones de de donnees (707) seiectionnee dans laquelle des donnees doivent etre 

55 ecrites, des donnees h ecrire dans la zone seiectionnee, et un code ou des codes introduits 

quelconques, en comparant un code ou des codes introduits quelconques avec un code ou des codes 
quelconques definies comme etant exiges pour ecrire des donnees dans la zone de donnees 
seiectionnee (707). et en ecrivant les donnees regues dans la zone de donnees seiectionnee (707) si le 
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code ou les codes introduits concordent avec le code ou les codes de cl4 qui sont d^finies comme 
^tant exig^s pour €crire des donndes zone de donnees selectionn^e (707), ou si aucun code n'est 
defini comme 6ian\ ex\Q6 pour ^crire des donnees dans la zone de donn§es selectionn^e (707). 

4. Une carte de support d'information ^ circuit int^gre (10) selon ia revendication 3, dans laquelle des 
donnees sont enregistr^es dans chaque zone de donnees (707) sous la forme d'enregistrements de 
donnees (722, .... 727) places en succession, chaque mot de definition de zone (701. .... 704) 
defini ssant en outre le nombre maximaJ d'enregistrements de donnees qui peuvent §tre enregistr^s 
dans la zone correspondante, la longueur des donnas dans chaque enregistrement de donnees dans 
la zone correspondante et une region d'allocation de zone (721) dans les moyens de nr>emoire (22), 
pour enregistrer des donnees indiquant Templacement de i'enregistrement de donnees suivant, ^ 
enregistrer dans la zone correspondante (707). 

5. Une carte de support dinformation ^ circuit int^gr^ (10) selon la revendication 4. dans laquelle la 
region d'allocation de zone (721) est situ^e dans la zone correspondante (707) et contient une ou 
plusieurs positions de bits, ordonn^es en succession, chacune d'elles 4tant assod^e h une position 
d'enregistrement de donnees respective dans la zone, chaque position de bit de la region d*attribution 
de zone (721) contenant un premier ou un second 4xaX binaire selon que la position, d'enregistrement 
de donnees associ^e h cette position de bit contient ou non. respectivement. un enregistrement de ces 
donnees, et dans laquelle les quatrifemes moyens (20) reagissent en outre au contenu de la region 
d'allocation de zone (721) de la zone s^lectionn^e (707), en ecrivant un enregistrement de donnees 

(722 727) dans la zone sdlectionn^e dans la position d'enregistrement de donnees dans cette zone 

associ^e ^ la position de bit d'ordre le plus bas de la region d'allocation de zone (721) se trouvant 
dans la zone s^lectionn^e, qui contient le second etat binaire. et en Ecrivant un premier ^tat binaire 
dans cette position de bit d'ordre le plus bas contenant le second 6tat binaire. 

6. Une carte de support d'information ^ circuit int^r6 (10) selon la revendication 4, dans laquelle chaque 
enregistrement de donnees . (722, .... 727) enregistr^ dans une. zone de donndes (707), contient un 
multiplet de controle de sommation et un second multiplet d'etat, indiquant la validity des donnees 
dans Tenregistrement de donnees (722, .... 727). 

7. Une carte de support d'information ^ circuit int^gr^ (10) selon la revendication 4, dans laquelle chaque 
mot de definition de zone (701. .... 704) specHie en outre si les donnees qui sont foumies aux moyens 
d 'entree/sortie (24) par les troisi^mes moyens (20) sous la dependance d'un ordre de lecture et d'un 
code sp^cifiant des donnees ^ lire dans la zone correspondante (707). sont seulement le dernier 
enregistrement de donnees 5i ^crire dans la zone correspondante (707), ou sont tous les enregistre- 
ments de donnees (722. .... 727) enregistr^s dans la zone correspondante (707), dans Tordre dans 
lequel ces enregistrements de donnees (722, .... 727) sont Merits dans cette zone (707). 

a Une carte de support d'information k arcuit integr^ (10) selon la revendication 3, dans laquelle la 
troisidme region des moyens de m^moire (22) comprend en outre un ensemble de mots d'dtat de 
verrouillage. ordonn^s en succession, comprenant un premier et un dernier mot d'etat de verrouillage, 
chaque mot d'etat de verrouillage ayant un nombre predetermine de positions de bits ordonnees en 
succession, comprenant une premifere et une derni^re position de bit, chaque position de bit de chaque 
mot d'etat de verrouillage etant initialement dans un second etat binaire, et dans laquelle la carte 
comprend en outre des dnquifemes moyens (20) incorpores deins la carte, qui riagissent au fart qu'un 
code introduit ne concorde pas avec un code enregistre dans la carte, d'apr^s le resultat d'une 
comparaison de codes effectuee par les premiers (20), seconds (20), troisifemes (20) ou quatriemes 
moyens (20), en ecrivam un premier etat binaire dans la position de bit d'ordre le plus bas qui est dans 
le second etat binaire dans le mot d'etat de verrouillage d'ordre le plus bas dans lequel la position de 
bit d'ordre le plus eieve est dans le second etat binaire. les cinquiemes moyens (20) reagissant h une 
concordance entre un code introduit et un code enregistre dans la carte, qui se product directement 
apres une discordance entre un code introduit et un code enregistre dans la carte d'aprfes le resultat de 
la comparaison effectuee par les premiers (20), seconds (20), troisi^mes (20) ou quatriemes moyens 
(20). en ecrivant un premier etat binaire dans la position de bit d'ordre le plus eieve du mot d'etat de 
verrouillage dans lequel un premier etat binaire a ete ecrit par les cinquiemes moyens (20) sous I'effet 
de la discordance immediatement precedente entre un code introduit et un code enregistre dans la 
carte (10). dans laquelle la carte (10) comprend en outre des sixi^mes moyens (20) incorpores dans la 



42 



EP 0 271 495 Bl 



carte, qui rdagissent au fait qu*un mot d*^tat de venrouillage a toutes ses positions de bits dans le 
premier €tat binaire. h Texception de sa position de bit d'ordre le plus 6leve. en plagant la carte deins 
un 6xai verrouill^ dans lequel au moins des operations d'acc^s de lecture et d'^criture aux premiere et 
seconde regions des moyens de m^moire' (22) sent interdites, et des septiemes moyens (20), 
incorpor^s dans ta carte, qui r^agissent ^ un ordre de d^verrouillage et h un ou ptusieurs codes 
introduits, en comparant le code ou les codes introduits avec un code ou des codes pr^selectionn^s 
qui sent enregistr^s dans la carte (10), et en ^crivant un premier 6xaX binaire dans la position de bit 
d'ordre te plus 6lev^ du mot d*^tat de verrouillage ayant toutes ses positions de bit dans le premier ^tat 
binaire. h Texception de sa position de bit d*ordre le plus 6\ev6, afin de faire sortir la carte de T^tat 
verrouill^, si te code ou les codes qui sont introduits concordent avec le code ou les codes 
pr^s^lectionr^^s, 

9- Une carte de support d'infonmation k circuit integre (10) selon la revendication 8, dans laquelle les 
premiers (20), seconds (20). trotsiemes (20), quatriemes (20). cinquidmes (20), sixiemes (20) et 
septiemes moyens (20) sont inclus dans un microprocesseur (20), programme de fagon appropri^e. 
connect^ fonctionnellement aux moyens d'entree/sortie (24), les moyens de memoire (22) contenant 
une memoire morte programmable, qui est connectee fonctionnellement au microprocesseur. 

10. Un systeme de cartes de support d'information a circuit integr6 comprenant : 

une premifere (52) et une seconde (10) cartes d'information h circuit Integra, ayant chacune : 

(a) des moyens d'entr^e/sortie (24) incorpores dans la carte pour recevoir au moins des donnees. 
des ordres et des codes et pour foumir au moins des donnees, 

(b) des moyens enregistrant un premier code 

(c) des moyens de memoire non volatile (22) incorpores dans la carte (10). ayant une premiere 
region pour enregistrer un ou plusteurs codes et une seconde region segment^e en un ensemble de 
zones de donnees (701. .... 704), chacune des zones de donnees (707) 4tant definle comme 
exigeantJ'intrpduction.darwJa^ code soit^d'un ou de pjusieurs codes d^finis parmi 
le premier code et le code cmj les codes qui sont enregi^tr^s dans la premiere r^ion, pour lire des 
donnees dans cette zone de donnees (707), et comme exigeant Tintroduction dans la carte, soit 
d'aucun code soit d'un ou de plusieurs codes definis parmi le premier code et le code ou les codes 
qui sont enregistr^s dans la premiere region, pour ecrire des donnees dans cette zone de donnees 
(707). 

(d) des premiers moyens (20) incorpores dans la carte, qui rSagissent au fait que fes moyens 
d'entr^e/sortie (24) regoivent un ordre de lecture, un code sp^cifiant Tune particuliere des zones de 
donnees (707) dans laquelle des donnees doivent etre lues, et un code ou plusieurs codes introduits 
quelconques, en comparant un code ou plusieurs codes introduits quelconques avec un code ou 
plusieurs codes quelconques definis comme etant exiges pour lire des donnees dans la zone de 
donnees particuliere (707), el en foumissant des donnees aux moyens d*entree/sortle (24) h partir de 
ta zone particuliere (707) si le code ou les codes qui sont introduits concordent avec le code ou les 
codes qui sont definis comme ^tant exiges pour lire des donnees dans la zone particuliere (707), ou 
si aucun code n'est d^fini comme ^tant exige pour lire des donnees dans cette zone, el 

(e) des seconds moyens (20) incorpores dans la carte, qui r^agissent au fait que les moyens 
d'entr^e/sorti'e (24) regoivent un ordre d'ecriture, un code sp^cifiant Tune selectionn^e des zones de 
donnees (707) dans laquelle des donnees doivent etre ^crites. des donndes St Ecrire dans la zone 
s^lectionn^e (707). et un code ou plusieurs codes introduits quelconques. en comparant un code ou 
plusieurs codes introduits quelconques avec un code ou plusieurs codes quelconques definis 
comme ^tant exiges pour Ecrire des donnees dans la zone de donnees s^lectionnees (707). et en 
ecrivant les donnees regues dans la zone selectionnee (707) si le code ou les codes qui sont 
introduits concordent avec le code ou les codes definis comme €tant exiges pour dcrire des 
donnees dans la zone de donndes selectionnee (707), ou si aucun code n'est defini comme etant 
exige pour Ecrire des donnees dans la zone selectionnee (707), les moyens de memoire de la 
premiere carte (52) contenant une ou plusieurs zones de donnees (707) enregistrant chacune un 
code respectif ou une combinaison du premier code et du code ou des codes qui sont enregistr^s 
dans la premiere region des moyens de memoire (22) de la seconde carte (10) ; et 

des moyens lecteurs/enregistreurs de carte (1 4) ayant : 
(a) des premier (914) et second acces (915) pour recevoir respectiVement la premiere carte (52) 
et la seconde carte (10), et pour etre couples aux moyens d'entree/sortie (24) de celles-ci, 
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(b) des moyens de couplage pour recevoir au moins des ordres, des donn^es et des codes et 
pour toumir au moins des donn^es (909), 

(c) des moyens de m^moire h lecteur/enregistreur (906). 

(d) des premiers moyens (908) r^agissant au fait que les moyens de couplage (909) re^oivent un 
ordre de lecture de la seconde carte (10). un code specrfiant une zone particulifere (707) dans la 
seconde carte (10) dans laquelle des donn^es doivent etre Rentes, et un code ou plusieurs codes 
quelconques ^ introduire dans la premi&re carte (52). en fournissant aux moyens d'entr^e/sortie 
(24) de la premifere carte (52) un ou plusieurs ordres de lecture accompagn^s d'un code ou de 
plusieurs codes d^finissant la zone ou les zones de donndes (707) des moyens de mdmoire (22) 
de la premiere carte (52) dans lesquelles le code ou les codes qui sont exig^s pour lire des 
donn^es dans la zone particulifere (707) de la seconde carte (10) sont enregistr^s, et un code ou 
plusieurs codes quelconques regus par les moyens de couplage (909), en transf^rant ce code ou 
ces codes exig^s vers les moyens de m^moire h lecteur/enregistreur (906) si te code ou les 
codes regus par les moyens de couplage (909) conccrdent avec le code ou les codes respectifs 
qui sont exig^s pour lire la zone ou les zones de donnees (707) des moyens de nri^moire (22) de 
la premiere carte (52), ou si aucun code n'est exige pour lire de telles zones de donnees (707), 
en fournissant aux moyens d'entr^e/sortie (24) de la seconde carte (10) I'ordre de lecture, un 
code specrfiant la zone de donnees particulifere (707) et le code ou les codes pour la lecture de 
donnees dans la zone particuli&re (707) qui sont transferees h partir des moyens de m^moire (22) 
de la premiere carte (52). vers les moyens de m^moire h lecteur/enregistreur (906), et en 
transf^rant des donnees quelconques qui sont foumies par les moyens d'entr^e/ sortie (24) de la 
seconde carte (10) vers les moyens de memoire a lecteur/enregistreur (906), et 

(e) des seconds moyens (908) qui r^agissent au fait que les moyens de couplage (909) regoivent 
un ordre demandant d'^crire dans la seconde carte (10). un code d^finissant une zone s^lection- 
n4e (707) dans la seconde carte (10) dans laquelle des donnees doivent etre Rentes, des 
donndes k 4cnre dans la zone seiectionn^e (707) et un code ou plusieurs codes quelconques h 
introduire ^dans^ta premiere carte (52), ©n foumissant aux moyens d'ontree/sortio (24) de la 
premiere carte (J52) un ou plusieurs ordres d6 lecture ainsi qu'un code ou plusieurs codes 
specifiant la zone ou les zones de donnees (707) des moyens de memoir© (22) de la premiere 
carte (52) dans lesquelles le code ou les codes qui sont exig^s pour 6crire des donnees dans la 
zone s^lectionnee (57) de la seconde carte (10) sont enregistr^s. et un code ou plusieurs codes 
quelconques qui sont regus par les moyens de couplage (909). en transferant ce code ou ces 
codes exig^s vers les moyens de m^moire i lecteur/enregistreur (906) si le code ou les codes 
qui sont regus par les moyens de couplage (909) concordent avec le code ou les codes 
respectifs qui sont exig^s pour lire la zone ou les zones de donnees (707) des moyeris de 
m^moire (22) de la premiere carte (52). ou si aucun code n'est exig^ pour lire de telles zones de 
donnees (707), et en fournissant aux moyens d'entree/sortie (24) de la seconde carte (10) Tordre 
d'^criture. un code sp^cifiant la zone seiectionn^e (707), les donnees ^ 4cr\re dans la zone 
seiectionn^e (707) et le code ou les codes qui sont exiges pour ^crire des donnees dans la zone 
s^lectionnee (707). qui sont transf^r^s k partir des moyens de m^moire (22) de la premifere carte 
(52) vers la m^moire h lecteur/enregistreur (906). 

Un syst&me de cartes de support d'information k circuit int^gr^ selon la revendication (10). dans lequel 
les moyens de m^moire (22) de la premiere carte (52) comprennent une premiere zone de donndes 
(705) contenant un code d'identification pour la carte (10), et dans lequel les moyens lec- 
teurs/enregistreurs (14) comprennent en outre des troisifemes moyens (908) pour lire la premiere zone 
(705) des moyens de memoire (22) de la premiere carte (52) k la suite du couplage inrtial de la 
premiere carte (52) aux moyens lecteurs/enregistreurs (14). et pour transferer le code d'identification 
qu'elle content vers les moyens de memoire h lecteur/enregistreur (906). et pour lire la premiere zone 
(705) des moyens de memoire (22) de la premiere carte (52) chaque fois que les moyens de couplage 
(909) regoivent un ordre demandant de lire la seconde carte (10) ou un ordre demandant d'ecrire dans 
la seconde carte (10), et pour comparer le contenu qui est lu dans cette zone avec le code d' 
identiffcation qui est enregistr^ dans les moyens de memoire k lecteur/enregistreur (906). les troisie- 
mes moyens (908) empechant au moins la lecture et recriture des moyens d© memoire (22) de la 
seconde carte (10) si le contenu de la premiere zone de donnies (705) des moyens de memoire (22) 
de la premiere carte (52) ne concorde pas avec le code dMdentification qui est enregistr^ dans les 
moyens de memoire a lecteur/enregistreur (906). 
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12, Un systfeme d'initialisation (50) pour des cartes de support d'information ^ circuit integrd. comprenant 
chacune des premiers moyens (20) incorpor^s dans la carte, qui r^agissent h un premier ordre, k des 
donnees de definition de zone et ^ un code introduit qui sont re^us par les moyens d'entree/sortie (24), 
en comparant le code introduit avec un premier code qui est enregistre dans la carte, en ecrivant les 

5 donnees de definition de zone dans une premiere region des moyens de nr^^moire (22) seulement si le 

code regis concorde avec le premier code, les donnees de definition de zone comprenant un ou 
plusieurs mots de definition de zone (701, .... 704), correspondant chacun h une zone de donndes 
respective dans une seconde region des moyens de noemoire, chaque mot de definition de zone (701 . 
...» 704) definissant au moins Tadresse de debut de la zone de donnees correspondante (707) et la 

JO taille de la zone de donnees conrespondante (707), et des seconds moyens (20), incorpoISs dans la 
carte, qui reagissent h un second ordre, h des donnees de code comprenant un ou plusieurs codes 
piementaires et ^ un code introduit, qui sont repus par les moyens d*entree/sortie (24), en comparant le 
code de cie introduit avec le premier code de cle et en ecrivant les donnees de code dans une 
troisi^me region des moyens de memoire seulement si le code introduit concorde avec le premier 

75 code et dans lequel chaque mot de definition de zone (701 , .... 704) specifie en outre que, soit aucun 

code soit un ou plusieurs codes parmi le premier code et le code ou les codes supplementaires, 
doivent etre regus par les moyens d'entree/sortie (24) pour lire des donnees dans la zone correspon- 
dante (707), et que, soit aucun code soit un ou plusieurs codes parmi le premier code et le code ou les 
codes supplementaires doivent §tre regus par les moyens d'entree/sortie (24) pour ecrire des donnees 

20 dans la zone de donnees correspondante (707). le systdme comprenant : 

des moyens d'entree pour recevoir les cartes a initialiser, une h la fois, et pour etablir un couplage 
avec les moyens d'entree/sortie (24) de la carte qui est ainsi regue ; 

des moyens de memoire d'initialisation pour enregistrer le premier code des donnees de definition 
de zone appropriees et un code ou plusieurs codes supplementaires ; 

25 des premiers moyens d'initialisation pour ecrire les donnees de definition de zone qui sont 

enregistrees dans les moyens de memoire d'initialisation, dans la premiere region des moyens de 
memoire de la carte qui est recue par les moyens d'entree, en utilisant le premier ordre, et le premier 
. code qui est enregist^ dans les moyens denrvBmoi re d initialisation ;et - - 

des seconds moyens d'initialisation pour ecrire le code ou les codes supplementaires qui sont 

30 enregistres dans les moyens de memoire d'initialisation. dans la troisi^me region des moyens de 

memoire de la carte qui est regue par les moyens d'entree, en utilisant le second ordre, et le premier 
code qui est enregistre dans les moyens de memoire d'initialisation. 

13. Un systeme d'initialisation (50) pour des cartes d'information h circuit integre selon la revendication 12. 
35 dans lequel le premier code les donnees de definition de zone et les codes supplementaires sont 

enregistres dans une carte ma'rlre (52) qui est regue par les rrtoyens d'entree avant la reception de la 
premiere des cartes ^ initialiser. !e systeme comprenant en outre des troisi^mes moyens d'initialisation 
pour transferer le premier code les donnees de definition de zone et ie code ou les codes supplemen- 
taires de la carte maflre vers les moyens de memoire d'initialisation. 

40 

14. Un systeme d'initialisation (50) pour des cartes de support d'information h circuit integre selon la 
revendication 12, dans lequel le systeme comprend en outre des moyens d 'alimentation automatiques 
qui sont destines h recevoir ur^ multiplicite des cartes a initialiser, et k fournir les cartes aux moyens 
d'entree, une k la fois. et des moyens de riception automatiques pour recevoir une carte apres que les 

45 donnees de definition de zone et le code ou les codes supplementaires ont ete ecrits dans les moyens 
de memoire de celle-ci. 

15, Un systeme d'initialisation (50) pour des cartes de support d'information k circuit integre selon la 
revendication 12, dans lequel la carte comprend en outre des troisiemes moyens (20), incorpores dans 

50 la carte, qui reagissent a un ordre d'ecriture, un code specifiant I'une seiectionnees des zones de 
donnees dans laquelle des donnees doivent etre ecrites. des donnees k ecrire dans la zone 
seiectionnee et un code ou des codes introduits quelconques. qui sont regus par les moyens 
d'entree/sortie (24), en comparant un code ou des codes introduits quelconques avec un code ou des 
codes quelconques qui sont definis comme etant exiges pour ecrire des donnees dans la zone de 

55 donnees seiectionnees (707), et en ecrivant les donnees regues dans la zone de donnees seiectionnee 

(707) si le code ou les codes introduits concordent avec le code ou les codes qui sont definis comme 
etant exiges pour ecrire des donnees dans la zone de donnees seiectionnee, ou si aucun code n'est 
defini comme etant exige pour ecrire des donnees dans la zone de donnees seiectionnee (707), et des 
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seconds moyens de m^moire (19) pour enregistrer un code d'identification de fichier. et dans lequel le 
systems connprend en outre : 

des moyens pour lire le contenu des seconds moyens de memoire (19), afin d'obtenir le code 
d'identification de fichier d'une carte qui est regue par les nnoyens d'entr^ ; 

5 des moyens de memoire de masse (16) pour enregistrer une muttiplicite de fichiers de donnees, 

chacun d'eux 6tanX associ^ h un num^ro d'identification de fichier respectif. chaque fichier de donnees 
ayant un ensembte de segments de donnees correspondant h des zones de donnees respectives (707) 
d'une carte (10), de la mani%re d^finie par les donnees de definition de zone (701. 704) qui sont 
Rentes dans la carte (10) par les premiers moyens d'initialisation ; ^ 

10 des troisifemes moyens d'initialisation qui r^agissent au code d'identification de fichier qui est 

obtenu par les moyens de lecture du contenu des seconds moyens de memoire (19). en recherchant 
parmi les fichiers de donnees dans les moyens de memoire de masse (16) le fichier de donnees qui 
est associ^ h ce code d'identification de fichier ; et 

des quatridmes moyens d'initiaHsation pour 4crire les segments du fichier de donnees associ^ 

75 dans des zones de donnees correspondantes (707) des moyens de nr^moire (22) de la carte (10) qui 

est regue par les moyens d'entrie. en utilisant I'ordre d'^criture et le code ou les codes appropri^s, s'il 
y en a, qui sont exig^s pour Retire des donnees dans chaque zone de donnees conrespondante (707). 

16. Un systeme d'initialisation (50) pour des cartes de support d'information h circuit int^gr^ selon la 
20 revendication 15, dans lequel les seconds moyens de memoire (19) de la carte (10) consistent en une 

piste magn^tique sur la carte, et les moyens pour lire le contenu des seconds moyens de memoire 
consistent en un lecteur de piste magn^tique. 

17. Dans une carte d'information h circuit int^gr^ (10) contenant des moyens de memoire non volatile (22) 
25 ayant une multiplicity de positions d'enregistrement de bits adressables, un precede pour segm enter 

une region d'enregistrement de donnees des moyens de memoire (22) en un ensemble de zones de 
donates (707), ayant chacune des attributs ppuvant leur etre affects, conruJrenant un niveau de 
s^curit^ d'accfes pouvanl §tre affect^, le proc^d^ comprenant les Stapes suivantes : 

on d^finit des premiere, seconde et troisieme regions dans les moyens de mdmoire (22), la 

30 troisieme region ^tant la region d'enregistrement de donnees ; 

on exige {'introduction dans la carte (10) d'au moins un premier code pour €crire dans les premiere 
et seconde regions des moyens de memoire (22) ; 

on ecrit un ou plusieurs codes dans la premiere region des moyens de memoire en introduisant le 
premier code et des codes exig^s suppl^mentaires quelconques ; et 

35 on ^crit des donnees de definition de zone dans la seconde region des moyens de memoire (22) 

en introduisant le premier code et des codes suppl^mentaires quelconques. les donnees de definition 

de zone comprenant un ou plusieurs mots de definition de zone (701 704) correspondant chacun h 

une zone de donnees respective (707), dans la troisieme region des moyens de memoire (22), chaque 
mot de definition de zone definissant au moins I'adresse de debut de la zone conrespondante (707). la 

40 taille de la zone conrespondante (707), et le fait qu'aucun code ou qu*un ou plusieurs des codes pxarmi 
le premier code et le code ou les codes se trouvant dans la premi&re region, doivent etre introduits 
dans la carte (10) pour lire des donnees dans la zone de donnees correspondante (707), et le fait 
qu'aucun code ou un ou plusieurs des codes parmi le premier code et le code ou les codes dans la 
premiere region, doivent etre introduits dans la carte (10) pour ecrire des donnees dans la zone 

45 correspondante (707). 

18. Precede selon la revendication 17, dans laquelle des donnees sont stockees dans chaque zone de 
donnees (707) sous forme d'enregistrements de donnees (722 ^ 727) situees successivement et 
chaque mot de definition de zone (701 h 704) specifie en outi'e le nombre maximal d'enregistrements 

50 de donnees qui peut etre stocke dans la zone (707) correspOfKlante, la longueur des donnees dans 
chaque enregisfrement de donnees (722 h 727) situe dans la zone (707) correspondante et une region 
d'allocation de zone (721) dans les moyens de memoire (22). pour stocker des donnees indiquant 
remplacement des nouveaux enregistrements de donnees (722 ^ 727) k stocker dans la zone (707) 
correspondante. 

55 

19. Carte de support d'information sous forme de circuit Integre (10). contenant des moyens de memoire 
non-volatile (22) presentant une ou plusieurs zones de donnees (707). chacune d'entre elles necessitant 
I'entree dans la carte (10) d'un code respectif ou d'une combinaison de codes pour lire des donnees 
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dans la zone de donn^es (707) et un code respectif ou une combinaison de codes (707), un precede 
pour empecher la diss^naination d*une connaissance du ou des codes respectifs. n^cessaires pour lire 
ou ecrire dans la zone de donn^es (707) de la carte (10). comprenant les etapes de : 

stockage du ou des codes respectils, necessaires p>our lire ou Ecrire dans les zones de donnees 
5 (707) des moyens de m^moire (22) de la carle (1 0), dans une carte de commande (52) separee; et 

transfert par deux moyens lecteurs/enregistreurs de carte (14), de tout code ou codes souhaites 
depuis la carte de comnnande (52), h. la carte (10), lorsqu*une lecture ou un enregistrement d'une zone 
s^lectionn^e parmi les zones de donndes (707), dans les moyens de mdmoire (22) de la carte (10). doit 
etre effectu^. 
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